214. A chain of handling and control system for enabling a
party not directly participating in an electronic value chain to
contribute secure control information to enforce at least one
control requirement, said system characterized by:

means for allowing a first value chain participant to 
stipulate control information associated with digital information, 

means for allowing the not directly participating party to 
independently and securely contribute secure control information 
for inclusion in an aggregate control information set including 
said associated control information, 

and means responsive to said aggregate control 
information for at least in part managing conditions related to 
the use of at least a portion of said digital information by a 
second value chain participant. 

215. A method of electronic commerce control information 
management for delegating the administration of certain rights 
held by a value chain party to a second value chain party 
characterized by the step of said first party stipulating secure 
control information describing at least a portion of their rights 
related to one or more chain of handling and control electronic 
events wherein said first party provides further control 
information authorizing said second party to administer some or 
all of said rights as an agent for said first party.

216. A system for electronic commerce control information
management for delegating the administration of certain rights 
held by a value chain party to a second value chain party 
characterized by: 

means for allowing said first party to stipulate secure 
control information describing at least a portion of their rights 
related to one or more chain of handling and control electronic 
events; and 

means for allowing said first party to provide further 
control information authorizing said second party to administer
some or all of said rights as an agent for said first party. 

217. A method of governing taxation of commercial events 
resulting from electronic chain of handling and control 
characterized by a first step of distributing secure digital 
information to a user and specifying secure control information 
controlling at least one condition for use of said digital 
information and a second step of a government agency securely, 
independently contributing secure control information for 
automatically governing tax payments for said commercial 
events. 

218. A system for governing taxation of commercial events 
resulting from electronic chain of handling and control 
characterized by:

means for distributing secure digital information to a user;

means for specifying secure control information controlling 
at least one condition for use of said digital information; and 

means for allowing a government agency to securely, 
independently contribute secure control information for 
automatically governing tax payments for said commercial 
events. 

219. A method of governing privacy rights related to 
electronic events characterized by a first step of a first party 
protecting digital information containing information descriptive 
of preventing a second party from at least one unauthorized use 
and a second step of specifying certain control information 
related to use of at least a portion of said protected digital 
information, wherein said control information enforces at least 
one right of said second party related to privacy and/or permitted 
use(s) of personal and/or proprietary information included in said 
protected digital information. 

220. A system for governing privacy rights related to 
electronic events characterized by: 

means for permitting a first party to protect digital 
information containing information descriptive of preventing a 
second party from at least one unauthorized use;

means for specifying certain control information related to
use of at least a portion of said protected digital information; and 

means for using the control information to enforce at least 
one right of said second party related to privacy and/or permitted 
use(s) of personal and/or proprietary information included in said 
protected digital information. 

221. A method of governing privacy rights related to 
electronic events characterized by a first step of a first party 
protecting digital information from at least one unauthorized use 
and stipulating certain control information for establishing 
conditions for use of said protected information and a second step 
of a user of said digital information stipulating further control 
information regulating the reporting of information regarding 
said user's use of at least a portion of said digital information. 

222. A system for governing privacy rights related to 
electronic events characterized by: 

means for allowing a first party to protect digital 
information from at least one unauthorized use and for 
stipulating certain control information for establishing conditions 
for use of said protected information; and 

means for allowing a user of said digital information to 
stipulate further control information regulating the reporting of 
information regarding said user's use of at least a portion of said
digital information. 

223. A secure method for regulating electronic conduct and 
commerce characterized by a step of distributing interoperable 
protected processing environments and circulating amongst 
plural recipients of said protected processing environments 
software containers containing digital content and related 
content control information prepared for use by at least a portion 
of said protected processing environments, wherein said method 
includes the further step of regulating the use at least some of 
said digital content based, at least in part, on the secure 
processing of at least a portion of said control information 
through the use of at least one protected processing environment. 

224. A secure system for regulating electronic conduct and
commerce characterized by: 

distributed interoperable protected processing 
environments, 

means for circulating, amongst said protected processing 
environments, software containers containing digital content and 
related content control information prepared for use by at least a 
portion of said protected processing environments, and 

means within at least some of the protected processing 
environments for regulating the use at least some of said digital 
content based, at least in part, on the secure processing of at
least a portion of said control information. 

225. A method of electronic commerce networking for 
enabling a secure electronic retail environment characterized by 
the step of supplying user certified control information, smart 
cards, secure processing units, and retailing terminal 
arrangements networked together using VDE communication 
techniques and secure software containers. 

226. An electronic commerce networking system for 
enabling a secure electronic retail environment characterized by: 

means for networking together smart cards, secure 
processing units, and retailing terminal arrangements; and 

means for making the smart cards, secure processing units, 
and retailing terminal arrangements interoperable with one 
another and with VDE communication techniques and secure 
software containers. 

227. A method of enabling electronic commerce appliances 
for securely administering user rights in commerce activities 
characterized by the step of providing to users at least a portion 
of a VDE node contained within a physical device, said device 
being configured to be compatible with mating connectors in host 
systems for supporting secure, interoperable transaction activity
between plural parties. 

228. A system for securely administering user rights in 
commerce activities comprising a physical device including at 
least a portion of a portable VDE node, said device being 
configured to be compatible with mating connectors in host 
systems for supporting secure, interoperable transaction activity 
between plural parties. 

229. A method for enabling a programmable, electronic 
commerce environment characterized by the step of providing to 
multiple parties secure commerce nodes that securely process 
separate, modular component billing management methods, 
budgeting management methods, metering management 
methods, and related auditing management methods and further 
characterized by the step of supporting triggering of metering, 
auditing, billing, and budgeting methods in response to electronic 
commerce event activities. 

230. A programmable, electronic commerce environment 
characterized by secure commerce nodes each including: 

means for securely processing separate, modular 
component billing management methods, budgeting management 
methods, metering management methods, and related auditing
management methods, and 

means for supporting triggering of metering, auditing, 
billing, and budgeting methods in response to electronic 
commerce event activities.

231. An electronic commerce system including modular, 
standardized control components comprising electronic commerce 
event control instructions stipulated by commerce participants, 
and plural electronic appliances containing one or more secure 
processing units which process at least a portion of such 
commerce event control instructions, said system further 
containing one or more databases, operatively connected to at 
least one of the secure processing units, for at least in part 
securely storing at least a portion of such control instructions for 
use by said at least one secure processing unit. 

232. In an electronic commerce system including modular, 
standardized control components comprising electronic commerce 
event control instructions stipulated by commerce participants, 
and plural electronic appliances containing one or more secure 
processing units which process at least a portion of such 
commerce event control instructions, a method characterized by 
the step of providing one or more secure databases, operatively 
connected to at least one of the secure processing units, and at 
least in part securely storing, within the secure databases, at
least a portion of such control instructions for use by said at least 
one secure processing unit. 

233. A content distribution system comprising plural 
electronic appliances containing one or more interoperable secure 
processing units operatively connected to one or more databases
for use with at least one of said secure processing units, said one 
or more databases containing (a) one or more decryption keys for 
use in decrypting distributed, encrypted digital information, and 
(b) encrypted audit information, said audit information reflecting 
at least one aspect of use of said distributed digital information.

234. A content distribution method comprising:

distributing plural electronic appliances containing one or
more interoperable secure processing units,

operatively connecting the appliances to one or more 
databases, 

storing within said one or more databases one or more 
decryption keys, 

using the decryption keys for decrypting distributed, 
encrypted digital information, and 

storing within the one or more databases encrypted audit 
information, said audit information reflecting at least one aspect 
of use of said distributed digital information. 






WO 96/27155 



PCT/US96/02303 



235. An electronic currency system comprising plural, 
electronic appliances containing (a) protected processing 
environments, (b) encrypted electronic currency and related 
secure control information configured so as to be useable by at
least one of said protected processing environments, and (c) 
usage reporting means for securely communicating electronic 
currency usage related information from a first interoperable 
protected processing environment to a second interoperable 
protected processing environment. 

236. An electronic currency method comprising:

distributing plural, electronic appliances containing (a)
protected processing environments, (b) encrypted electronic
currency and related secure control information configured so as 
to be useable by at least one of said protected processing 
environments, and 

securely communicating electronic currency usage related 
information from a first interoperable protected processing 
environment to a second interoperable protected processing 
environment. 

237. A method for electronic financial activities 
characterized by the steps of:

communicating digital containers containing
financial information from a first interoperable
secure node to a second interoperable secure node,

communicating modular, standard control
information to said second secure node to, at least in
part, set the conditions for use of at least a portion of
said financial information,

reporting information related to said use to said first 
interoperable secure node. 

238. A system for electronic financial activities 
characterized by: 

means for communicating digital containers containing 
financial information from a first interoperable secure node to a 
second interoperable secure node, 

means for communicating modular, standard control 
information to said second secure node,

means at the second node for, at least in part, setting the
conditions for use of at least a portion of said financial 
information, and 

means for reporting information related to said use from 
the second secure node to said first interoperable secure node. 

239. A method for electronic currency management 
including:

communicating encrypted electronic currency from a first,
interoperable secure user node to a second interoperable user
node using at least one secure container, and

providing secure control information for use with said at 
least one secure container, said secure control information, at 
least in part, maintaining conditionally anonymous currency 
usage information. 

240. A system for electronic currency management 
including: 

means for communicating encrypted electronic currency 
from a first, interoperable secure user node to a second 
interoperable user node using at least one secure container, and 

means for providing secure control information for use with 
said at least one secure container, said secure control 
information, at least in part, maintaining conditionally 
anonymous currency usage information. 

241. A method for electronic financial activities 
management characterized by the steps of: 

securely communicating from a first secure node to a 
second secure node financial information standardized control 
information for controlling the use of financial information used 
in a financial value chain,

securely communicating from said first secure node to a
third secure node said financial information standardized control 
information for controlling the use of financial information used 
in a financial value chain, 

securely communicating encrypted financial information 
from said second secure node to said third secure node, including 
communicating secure control information,

processing said financial information at said third node at least
in part through the use of secure control information supplied by 
said first and said second secure nodes, wherein said 
standardized control information is at least in part stored in a 
secure database contained within said third secure node. 

242. A system for electronic financial activities 
management characterized by the steps of: 

means coupled to a first and a second secure node for 
securely communicating from said first secure node to said 
second secure node financial information standardized control 
information for controlling the use of financial information used 
in a financial value chain, 

means coupled between the first secure node and a third 
secure node for securely communicating from said first secure 
node to said third secure node said financial information 
standardized control information for controlling the use of 
financial information used in a financial value chain,

means coupled between the second and third nodes for
securely communicating encrypted financial information from 
said second secure node to said third secure node, including 
communicating secure control information, and 

means at the third node for processing said financial 
information at said third node at least in part through the use of 
secure control information supplied by said first and said second
secure nodes, and

a secure database at the third node for at least in part 
storing said standardized control information. 

243. A method of information management characterized 
by the steps of creating at least one smart object at a first 
location, protecting at least a portion of said smart object 
including protecting at least one rule and/or control assigned to 
said smart object, distributing said at least one smart object to at 
least one second location, securely processing at least a portion of 
the contents of said at least one smart object at said at least one 
second location in accordance with at least a portion of at least 
one said rule and/or control assigned to said smart object. 

244. An information management system characterized
by:

means for creating at least one smart object at a first 
location,

means for protecting at least a portion of said smart object
including means for protecting at least one rule and/or control 
assigned to said smart object, 

means for distributing said at least one smart object to at 
least one second location, and 

means for securely processing at least a portion of the 
contents of said at least one smart object at said at least one 
second location in accordance with at least a portion of at least 
one said rule and/or control assigned to said smart object. 

245. An object processing system comprising at least one 
secure object containing at least in part protected executable 
content and at least one at least in part protected rule and/or 
control associated with operations related to the execution of 
such content, and at least one secure execution environment for 
processing the executable content in accordance with at least a 
portion of at least one of said at least one associated rule and/or 
control. 

246. An object processing method comprising:

providing at least one secure object containing at least in
part protected executable content and at least one at least in part
protected rule and/or control associated with operations related 
to the execution of such content,

processing, within at least one secure execution
environment, the executable content in accordance with at least a 
portion of at least one of said at least one associated rule and/or 
control. 

247. A rights distributed database environment including 
(a) means allowing one or more central authorities to establish 
control information for use of encrypted digital information, (b) 
interoperable database management systems at plural user sites 
for securely storing control information and audit information, (c) 
secure communication means for securely communicating control 
information and audit information between user sites, and (d) 
centralized database means for compiling and analyzing usage 
information from plural user sites. 

248. Within a rights distributed database environment, a 
method characterized by the following steps: 

establishing control information for use of encrypted digital
information,

securely storing, within interoperable database 
management systems at plural user sites, control information 
and audit information, 

securely communicating control information and audit 
information between user sites, and

compiling and analyzing usage information from plural
user sites. 

249. A method of distributed database searching 
characterized by the steps of creating at least one secure object 
containing search criteria, transmitting at least one such secure 
object to one or more second locations to perform database 
searches in accordance with at least one rule and/or control, 
processing at least one database search based at least in part on 
the search criteria within a secure object in accordance with at 
least a portion of at least one of the said at least one associated 
rule and/or control, storing database search results in the same 
and/or one or more new secure objects, and transmitting the 
secure object containing search results to the first location. 

250. A method as in claim 247 further characterized by the 
additional step of associating at least one additional rule and/or 
control with the search results for establishing at least one 
condition related to the use of at least one portion of said search 
results. 

251. A system for distributed database searching 
characterized by: 

means for creating at least one secure object containing 
search criteria, 



means for transmitting at least one such secure object to 
one or more second locations to perform database searches in 
accordance with at least one rule and/or control, 

means for processing at least one database search based at 
least in part on the search criteria within a secure object in 
accordance with at least a portion of at least one of the said at 
least one associated rule and/or control, 

means for storing database search results in the same 
and/or one or more new secure objects, and 

means for transmitting the secure object containing search 
results to the first location. 

252. A system as in claim 249 further characterized by 
means for associating at least one additional rule and/or control 
with the search results for establishing at least one condition 
related to the use of at least one portion of said search results. 

253. A rights management system comprising protected 
information, at least two protected processing arrangements, and 
a rights management language that allows the expression of 
permitted operations and the consequences of performing such 
operations on at least a portion of the information processed at 
least in part by at least one of the protected processing 
arrangements.

254. A rights management method comprising:

providing protected information for processing by at least
two protected processing arrangements, and

expressing, in a rights management language, permitted 
operations and the consequences of performing such operations 
on at least a portion of the information processed at least in part 
by at least one of the protected processing arrangements. 

255. A method of protecting digital information 
characterized by the steps of encrypting at least a portion of the 
information, using a rights management language to describe the 
conditions related to use of the information, distributing at least 
a portion of such information and at least a portion of such rights 
language expressed conditions to one or more recipients, using an 
electronic appliance arrangement including at least one protected 
processing arrangement to securely govern at least a portion of 
the use of such information.

256. A system for protecting digital information 
characterized by: 

means for encrypting at least a portion of the information,

means for using a rights management language to describe
the conditions related to use of the information,

means for distributing at least a portion of such
information and at least a portion of such rights language 
expressed conditions to one or more recipients, and 

an electronic appliance arrangement including at least one 
protected processing arrangement for securely governing at least 
a portion of the use of such information. 

257. A distributed digital information management system 
comprising software components, a rights management language 
for expressing processing relationships between two or more of 
the software components, protected processing means for at least 
a portion of the software components and at least a portion of the 
rights management expressions, means for protecting content, 
means for creating software objects that relate protected content 
to rights management expressions, and means for delivering 
protected content, rights management expressions, and such 
software objects from a providing location to a user's location. 

258. A distributed digital information management 
method comprising: 

expressing, in a rights management language, processing 
relationships between two or more of the software components, 

processing, within at least one protected environment, at 
least a portion of the software components and at least a portion 
of the rights management expressions,

protecting content,

creating software objects that relate protected content to 
rights management expressions, and 

delivering protected content, rights management 
expressions, and such software objects from a providing location 
to a user's location. 

259. An authentication system comprising at least two 
electronic appliances, at least two digital certificates reflecting 
identity information encrypted using different certifying private 
keys where such certificates are stored in a first electronic 
appliance, communications means for transmitting and receiving 
signals between electronic appliances, means for determining 
compromised and/or expired certifying private keys operatively 
connected to a second electronic appliance, means for the second 
electronic appliance to request transmission of one of the digital 
certificates from the first electronic appliance based at least in 
part on such determination, and means operatively connected to 
such second electronic appliance for decrypting such certificate 
and determining such certificate's validity and/or the validity of 
identity information. 

260. In a system comprising at least two electronic 
appliances, an authenticating method comprising:

issuing at least two digital certificates reflecting
identification information, including the step of encrypting the 
two certificates using different certifying private keys, 

storing the certificates in a first electronic appliance,

transmitting and receiving signals between electronic
appliances, 

determining compromised and/or expired certifying private 
keys operatively connected to a second electronic appliance, 

requesting, with the second electronic appliance, 
transmission of one of the digital certificates from the first 
electronic appliance based at least in part on such determination, 

decrypting such certificate with the second electronic 
appliance, and 

determining such certificate's validity and/or the validity of 
identity information. 

261. An authentication system comprising at least two 
electronic appliances, at least two digital certificates reflecting 
identify information encrypted using different certifying private 
keys where such certificates are stored in a first electronic 
appliance, communications means for transmitting and receiving 
signals between electronic appliances, means for a second 
electronic appliance to request transmission of one of the digital 
certificates from the first electronic appliance wherein the 
selection of which certificate is requested is based at least in part 
on a random or pseudo-random number, means operatively
connected to such second electronic appliance for decrypting such 
certificate and determining such certificate's validity and/or the 
validity of identity information. 

262. In a system comprising at least two electronic 
appliances, an authenticating method comprising: 

issuing at least two digital certificates reflecting identify 
information, including the step of encrypting the two digital 
certificates using different certifying private keys, 

storing such certificates in a first electronic appliance,

transmitting and receiving signals between electronic
appliances, 

requesting, with a second electronic appliance, 
transmission of one of the digital certificates from the first 
electronic appliance, including the step of selecting a certificate 
based at least in part on a random or pseudo-random number, 

decrypting such certificate with the second electronic 
appliance; and 

determining such certificate's validity and/or the validity of 
identity information. 

263. A method of secure electronic mail characterized by 
the steps of creating at least one electronic message using an 
interoperable protected processing environment, encrypting at 
least a portion of said at least one message, securely associating
one or more sets of control information with one or more 
messages to set at least one condition for the use of said at least 
one message, communicating the protected electronic messages to 
one or more recipients having protected processing environments, 
securely communicating at least one set of the same or differing 
control information to each recipient, enabling recipients of both 
control information and protected messages to use message 
information at least in part in accordance with the conditions 
specified by the control information. 



264. A system for secure electronic mail including multiple 
protected processing environments, the system characterized by: 

a first protected processing environment for creating at 
least one electronic message, the first environment including 
means for encrypting at least a portion of said at least one 
message, means for securely associating one or more sets of 
control information with one or more messages to set at least one 
condition for the use of said at least one message, and means for 
communicating the protected electronic messages to one or more 
recipients having interoperable protected processing
environments,

means for securely communicating at least one set of the 
same or differing control information to each recipient, and

means for enabling recipients of both control information
and protected messages to use message information at least in 
part in accordance with the conditions specified by the control 
information. 

265. A method of information management characterized 
by the steps of protecting content from unauthorized use, 
securely associating enabling control information with at least a 
portion of such protected content wherein such enabling control 
information incorporates information describing how the 
enabling control information may be redistributed, delivering at 
least a portion of the protected content to a first user, delivering 
such enabling control information to such first user, receiving a 
request to redistribute such enabling control information from 
such first user, using the description of how enabling control 
information may be redistributed to create new enabling control 
information where such new enabling control information may be 
the same or different than the enabling control information 
received by such first user, delivering the new enabling control 
information and/or protected information to a second user. 

266. An information management system characterized
by:

means for protecting content from unauthorized use, 

means for securely associating enabling control
information with at least a portion of such protected content, 
including means for incorporating enabling control information 
describing how the enabling control information may be 
redistributed, 

means for delivering at least a portion of the protected
content to a first user,

means for delivering such enabling control information to
such first user,

means for receiving a request to redistribute such enabling 
control information from such first user, 

means for using the description of how enabling control 
information may be redistributed to create new enabling control 
information where such new enabling control information may be 
the same or different than the enabling control information 
received by such first user, and 

means for delivering the new enabling control information 
and/or protected information to a second user. 

267. A method of controlling redistribution of distributed 
digital information including the steps of encrypting digital 
information, distributing said encrypted digital information from 
a first party to a second party, establishing control information 
regarding the redistribution of at least a portion of said encrypted 
digital information from said second party to at least one third 
party, regulating the redistribution of said at least a portion of
said encrypted digital information through the use of a protected 
processing environment processing said control information. 

268. A system for controlling redistribution of distributed 
digital information including: 

means for encrypting digital information, 

means for distributing said encrypted digital information
from a first party to at least one second party,

means for establishing control information regarding the
redistribution of at least a portion of said encrypted digital
information from said second party to at least one third party,
and

a protected processing environment for processing said 
control information and for regulating the redistribution of said 
at least a portion of said encrypted digital information. 

269. A method of controlling a robot characterized by the 
steps of creating instructions for one or more robots, creating a 
secure container incorporating such instructions, associating 
control information with such secure container, incorporating at 
least one secure processing unit into such one or more robots, and 
performing at least a portion of such instructions in accordance 
with at least a portion of such control information. 

270. A method as in claim 267 further characterized in
that such control information includes information describing the 
conditions under which such instructions may be used and the 
nature of audit reports required when such instructions are 
performed. 

271. A robot control system characterized by:

means for creating instructions for one or more robots,

means for creating a secure container incorporating such
instructions,

means for associating control information with such secure 
container, 

means for incorporating at least one secure processing unit 
into such one or more robots, and 

means for performing at least a portion of such instructions 
in accordance with at least a portion of such control information. 

272. A system as in claim 269 further characterized by 
means for creating such control information, including means for 
describing the conditions under which such instructions may be 
used and the nature of audit reports required when such 
instructions are performed. 

273. A method of detecting fraud in electronic commerce 
characterized by the steps of creating at least one secure 
container, associating control information with such one or more
containers including control information requiring that audit 
information be collected and transmitted to an auditing party, 
delivering such one or more containers and such control 
information to at least one user, recording information 
identifying each container and each such user, receiving audit 
information, creating a profile of usage based at least in part on 
such received audit information and/or such control information, 
detecting cases where certain audit information differs at least in 
part from such profile of usage. 

274. A system for detecting fraud in electronic commerce
characterized by

means for creating at least one secure container,

means for associating control information with such one or
more containers including control information requiring that
audit information be collected and transmitted to an auditing
party,

means for delivering such one or more containers and such 
control information to at least one user, 

means for recording information identifying each container 
and each such user, 

means for receiving audit information, 

means for creating a profile of usage based at least in part
on such received audit information and/or such control 
information, and 

means for detecting cases where certain audit information 
differs at least in part from such profile of usage. 

275. A method of detecting fraud in electronic commerce 
characterized by the steps of distributing at least in part 
protected digital information to customers, distributing one or 
more rights to use at least a portion of such digital information 
across an electronic network, allowing a customer to use at least 
a part of said at least in part protected digital information 
through the use of a protected processing environment and at 
least one of said one or more distributed rights, detecting 
unusual usage activity related to use of said digital information. 

276. A system for detecting fraud in electronic commerce
characterized by

means for distributing at least in part protected digital
information to customers,

means for distributing one or more rights to use at least a 
portion of such digital information across an electronic network, 

a protected processing environment for allowing a 
customer to use at least a part of said at least in part protected 
digital information through at least one of said one or more
distributed rights, and 

means for detecting unusual usage activity related to use 
of said digital information. 

277. A programmable component arrangement comprising 
a tamper resistant processing environment including a 
microprocessor, memory, a task manager, memory manager and 
external interface controller, means for loading arbitrary 
components at least in part into the memory, means for initiating 
one or more tasks associated with processing such components, 
means for certifying the validity, integrity and/or trustedness of 
such components, means for creating arbitrary components, 
means for associating arbitrary events with such created 
components, means for certifying the validity, integrity and/or 
trustedness of such created components, and means for securely 
delivering such created components. 

278. In a programmable component arrangement 
comprising a tamper resistant processing environment including 
a microprocessor, memory, a task manager, memory manager 
and an external interface controller, a processing method 
characterized by the following steps: 

creating arbitrary components, 

associating arbitrary events with such created components, 

loading the arbitrary components at least in part into the
memory, 

initiating one or more tasks associated with processing 
such loaded components, 

certifying the validity, integrity and/or trustedness of such 
created components, and 

securely delivering such created components. 

279. A distributed, protected, programmable component 
arrangement comprising at least two tamper resistant processing 
environments including a microprocessor, memory, a task 
manager, memory manager and external interface controller, 
means for loading arbitrary components at least in part into the 
memory, means for initiating one or more tasks associated with 
processing such components, and means for certifying the 
validity, integrity and/or trustedness of such components, said 
arrangement further comprising means for creating arbitrary 
components, means for associating arbitrary events with such 
created components, means for certifying the validity, integrity 
and/or trustedness of such created components, means for 
securely delivering such created components between at least two 
of said at least two tamper resistant processing environments. 

280. In a distributed, protected, programmable component 
arrangement comprising at least two tamper resistant processing 
environments including a microprocessor, memory, a task
manager, memory manager and external interface controller, a 
method comprising 

creating arbitrary components,

certifying the validity, integrity and/or trustedness of such
components,

loading arbitrary components at least in part into the 
memory, 

initiating one or more tasks associated with processing 
such components, 

associating arbitrary events with such created components, and

securely delivering such created components between at 
least two of said at least two tamper resistant processing 
environments. 

281. An electronic appliance comprising at least one CPU, 
memory, at least one system bus, at least one protected 
processing environment, and at least one of a Rights Operating 
System or Rights Operating System layer associated with a host 
operating system. 

282. An operating system comprising at least one task 
manager, at least one memory manager, at least one input/output 
manager, at least one protected processing environment, means 
for detecting events, means for associating events with rights
control functions, means for performing rights control functions 
at least in part within such one or more protected processing 
environments. 

283. In an operating system comprising at least one task 
manager, at least one memory manager, at least one input/output 
manager, at least one protected processing environment, an 
operating method comprising: 

detecting events, 

associating events with rights control functions, and

performing rights control functions at least in part within
such one or more protected processing environments.

284. A method of business automation characterized by 
the steps of creating one or more secure containers including 
accounting and/or other administrative information, associating 
control information with such one or more secure containers 
including a description of (a) the one or more parties to whom the 
container may and/or must be delivered and/or (b) the operations 
that one or more parties may and/or must perform with respect to 
such accounting and/or other administrative information, 
delivering one or more of such containers to one or more parties, 
and enabling the description and/or enforcement of at least a 
portion of such control information prior, during and/or 
subsequent to use of such accounting and/or other administrative
information by one or more parties. 

285. A method as in claim 282 where such control 
information further includes at least one requirement that audit 
information be collected and delivered to one or more auditing 
parties, and further includes the step of delivering at least a 
portion of such audit information to one or more parties. 

286. A method as in claim 283 where at least a portion of 
such audit information is automatically processed by at least one 
of such auditing parties, and further includes the step of 
transmitting further accounting, administrative and/or audit 
information to one or more parties that may be the same and/or 
differ from the one or more parties from whom audit information 
was received based at least in part on the receipt and/or content 
of such received audit information. 

287. A method as in claim 282 where at least two of such 
parties are associated with different businesses and/or other 
organizations and such control information includes information 
that at least in part describes an accounting, administrative, 
reporting and/or other audit relationship between such 
businesses and/or other organizations. 

288. A method as in claim 282, 283, 284, or 285 where
some or all of such accounting and/or other administrative 
information is included in such control information. 

289. A business automation system characterized by:

means for creating one or more secure containers including
accounting and/or other administrative information,

means for associating, with such one or more secure 
containers, control information including a description of (a) the 
one or more parties to whom the container may and/or must be 
delivered and/or (b) the operations that one or more parties may 
and/or must perform with respect to such accounting and/or other 
administrative information, 

means for delivering one or more of such containers to one 
or more parties, and 

means for enabling the description and/or enforcement of 
at least a portion of such control information prior, during and/or 
subsequent to use of such accounting and/or other administrative 
information by one or more parties. 

290. A system as in claim 287 where the associating 
means further includes means for associating at least one 
requirement that audit information be collected and delivered to 
one or more auditing parties, and the delivering means includes 
means for delivering at least a portion of such audit information
to one or more parties. 

291. A system as in claim 288 further including means for 
automatically processing at least a portion of such audit 
information, and the system further includes means for 
transmitting further accounting, administrative and/or audit 
information to one or more parties that may be the same and/or 
differ from the one or more parties from whom audit information 
was received based at least in part on the receipt and/or content 
of such received audit information. 

292. A system as in claim 287 where at least two of such 
parties are associated with different businesses and/or other 
organizations and the associating means includes means for 
generating control information including information that at 
least in part describes an accounting, administrative, reporting 
and/or other audit relationship between such businesses and/or 
other organizations. 

293. A system as in claim 286, 287, 288, or 290 where 
some or all of such accounting and/or other administrative 
information is included in such control information. 

294. A method of distributing content characterized by the
steps of creating one or more first secure containers, associating 
control information with such first containers including 
information describing the conditions under which some or all of 
the content of such first containers may be extracted, delivering 
at least a portion of such first containers and such control 
information to one or more parties, detecting a request by one or 
more of such parties to extract some or all of the content of such 
first containers, determining if such request is permitted in whole 
or in part by such control information, to the extent permitted by 
such control information creating one or more second secure 
containers in accordance with such request and such control 
information, associating control information with such one or 
more second secure containers based at least in part on control 
information associated with such first containers. 

295. A system for distributing content characterized by:

means for creating one or more first secure containers,

means for associating control information with such first
containers including information describing the conditions under
which some or all of the content of such first containers may be
extracted,

means for delivering at least a portion of such first 
containers and such control information to one or more parties, 

means for detecting a request by one or more of such
parties to extract some or all of the content of such first 
containers, 

means for determining if such request is permitted in 
whole or in part by such control information, to the extent 
permitted by such control information creating one or more 
second secure containers in accordance with such request and 
such control information, and 

means for associating control information with such one or 
more second secure containers based at least in part on control 
information associated with such first containers. 

296. A method of distributing content characterized by the 
steps of creating one or more first secure containers, associating 
control information with such first secure containers including 
information describing the conditions under which such first 
secure containers (a) may in whole or in part be embedded into 
and/or securely associated with one or more second secure 
containers and/or (b) may allow one or more secure containers to 
be in whole or in part embedded into and/or securely associated 
with such first secure containers, delivering at least a portion of 
such first secure containers and such control information to one 
or more parties, detecting a request by one or more of such 
parties or by additional parties to (a) in whole or in part embed 
into and/or securely associate with such first containers one or 
more second containers and/or (b) in whole or in part embed into
and/or securely associate with a secure container such first 
secure containers, determining if such request is permitted by 
control information, to the extent permitted by control 
information performing one or more embedding and/or secure 
association operations, to the extent required by control 
information and/or requested by one or more of such parties, 
modifying and/or creating new control information at least in 
part as a consequence of such one or more embedding and/or 
secure association operations. 

297. A system for distributing content characterized by

means for creating one or more first secure containers,

means for associating control information with such first
secure containers including information describing the conditions 
under which such first secure containers (a) may in whole or in 
part be embedded into and/or securely associated with one or 
more second secure containers and/or (b) may allow one or more 
secure containers to be in whole or in part embedded into and/or 
securely associated with such first secure containers, 

means for delivering at least a portion of such first secure 
containers and such control information to one or more parties, 

means for detecting a request by one or more of such 
parties to (a) in whole or in part embed into and/or securely 
associate with such first containers one or more second 
containers and/or (b) in whole or in part embed into and/or
securely associate with a secure container such first secure 
containers, and 

means for determining if such request is permitted by 
control information, to the extent permitted by control 
information performing one or more embedding and/or secure 
association operations, to the extent required by control 
information and/or requested by one or more of such parties, 
modifying and/or creating new control information at least in 
part as a consequence of such one or more embedding and/or 
secure association operations. 

298. A method of distributing information characterized by 
the steps of protecting information from unauthorized use, 
associating control information with such protected information, 
delivering at least a portion of such protected information to one 
or more parties using plural pathways, delivering at least a 
portion of such control information to one or more parties using 
the same or different plural pathways, enabling at least one of 
such parties to make at least some use of such protected 
information delivered using a first pathway in accordance with 
control information at least a portion of which is delivered using 
a second pathway. 

299. A method as in claim 296 in which at least one of
such pathways of delivering protected information and/or control 
information is described by such control information. 

300. A system for distributing information characterized
by:

means for protecting information from unauthorized use, 

means for associating control information with such 
protected information, 

means for delivering at least a portion of such protected 
information to one or more parties using plural pathways, 

means for delivering at least a portion of such control 
information to one or more parties using the same or different 
plural pathways, 

means for enabling at least one of such parties to make at 
least some use of such protected information delivered using a 
first pathway in accordance with control information at least a 
portion of which is delivered using a second pathway. 

301. A system as in claim 298 wherein the delivering 
means includes means for delivering, over at least one of such 
pathways, protected information and/or control information 
described by such control information. 

302. A method of distributing information characterized by
the steps of protecting information from unauthorized use, 
associating control information with such protected information 
including information requiring the collection of audit 
information, enabling one or more parties to receive and/or 
process audit information, delivering at least a portion of such 
protected information and such control information to one or 
more parties, enabling at least some use of such protected 
information in accordance with at least a portion of such control 
information that requires the collection of audit information, 
delivering such audit information to one or more of such enabled 
auditing parties different from such delivering party or parties. 

303. A method as in claim 300 in which at least one of 
such auditing parties is specified in such control information. 

304. A system for distributing information characterized
by

means for protecting information from unauthorized use,

means for associating control information with such
protected information including information requiring the
collection of audit information,

means for enabling one or more parties to receive and/or
process audit information,

means for delivering at least a portion of such protected
information and such control information to one or more parties, 

means for enabling at least some use of such protected 
information in accordance with at least a portion of such control 
information that requires the collection of audit information, and 

means for delivering such audit information to one or more 
of such enabled auditing parties different from such delivering 
party or parties. 

305. A system as in claim 302 in which at least one of such 
auditing parties is specified in such control information. 

306. A secure component-based operating process
including:

(a) retrieving at least one component; 

(b) retrieving a record that specifies a component 
assembly; 

(c) checking said component and/or said record for validity; 

(d) using said component to form said component assembly 
in accordance with said record; and 

(e) performing a process based at least in part on said 
component assembly. 

307. A process as in claim 304 wherein said step (c) 
further comprises executing said component assembly. 

308. A process as in claim 304 wherein said component
comprises executable code. 

309. A process as in claim 304 wherein said component 
comprises a load module. 

310. A process as in claim 304 wherein:

said record comprises:

(i) directions for assembling said component assembly; 
and 

(ii) information that at least in part specifies a control; 
and 

said process further comprises controlling said step (d) 
and/or said step (e) based at least in part on said control. 

311. A process as in claim 304 wherein said component 
has a security wrapper, and said controlling step comprises 
selectively opening said security wrapper based at least in part 
on said control. 

312. A process as in claim 304 wherein: 

said permissions record includes at least one decryption 
key; and 

said controlling step includes controlling use of said 
decryption key. 

313. A process as in claim 304 including performing at
least two of said steps (a) and (e) within a protected processing 
environment. 

314. A process as in claim 304 including performing at 
least two of said steps (a) and (e) at least in part within
tamper-resistant hardware.

315. A method as in claim 304 wherein said performing 
step (e) includes metering usage. 

316. A method as in claim 304 wherein said performing 
step (e) includes auditing usage. 

317. A method as in claim 304 wherein said performing 
step (e) includes budgeting usage. 

318. A secure component operating system process 
including: 

receiving a component; 

receiving directions specifying use of said component to 
form a component assembly; 

authenticating said received component and/or said 
directions; 

forming, using said component, said component assembly
based at least in part on said received directions; and 

using said component assembly to perform at least one 
operation. 

319. A method comprising performing the following steps 
within a secure operating system environment: 

providing code; 

providing directions specifying assembly of said code into 
an executable program; 

checking said received code and/or said assembly directions
for validity; and

in response to occurrence of an event, assembling said code 
in accordance with said received assembly directions to form an 
assembly for execution. 

320. A method for managing at least one resource with a 
secure operating environment, said method comprising: 

securely receiving a first control from a first entity external 
to said operating environment; 

securely receiving a second control from a second entity 
external to said operating environment, said second entity being 
different from said first entity; 

securely processing, using at least one resource, a data 
item associated with said first and second controls; and 

securely applying said first and second controls to manage
said resource for use with said data item. 

321. A method for securely managing at least one 
operation on a data item performed at least in part by an 
electronic arrangement, said method comprising: 

(a) securely delivering a first procedure to said electronic 
arrangement; 

(b) securely delivering, to said electronic arrangement, a 
second procedure separable or separate from said first procedure; 

(c) performing at least one operation on said data item, 
including using said first and second procedures in combination 
to at least in part securely manage said operation; and 

(d) securely conditioning at least one aspect of use of said 
data item based on said delivering steps (a) and (b) having 
occurred. 

322. A method as in claim 319 including performing said 
delivering step (b) at a time different from the time said 
delivering step (a) is performed. 

323. A method as in claim 319 wherein said step (a) 
includes delivering said first procedure from a first source, and 
said step (b) includes delivering said second procedure from a 
second source different from said first source. 

324. A method as in claim 319 further including ensuring
the integrity of said first and second procedures. 

325. A method as in claim 319 further including validating 
each of said first and second procedures. 

326. A method as in claim 319 further including 
authenticating each of said first and second procedures. 

327. A method as in claim 319 wherein said using step (c) 
includes executing at least one of said first and second procedures 
within a tamper-resistant environment. 

328. A method as in claim 319 wherein said step (c) 
includes the step of controlling said data item with at least one of 
said first and second procedures. 

329. A method as in claim 319 further including 
establishing a relationship between at least one of said first and 
second procedures and said data item. 

330. A method as in claim 319 further including 
establishing correspondence between said data item and at least 
one of said first and second procedures. 

331. A method as in claim 319 wherein said delivering
step (b) comprises delivering at least one load module encrypted 
at least in part. 

332. A method as in claim 329 wherein said delivering 
step (a) comprises delivering at least one further load module 
encrypted at least in part. 

333. A method as in claim 319 wherein said delivering 
step (b) comprises delivering at least one content container 
carrying at least in part secure control information. 

334. A method as in claim 319 wherein said delivering 
step (b) comprises delivering a control method and at least one 
further method. 

335. A method as in claim 319 wherein said delivering 
step (a) includes: 

encrypting at least a portion of said first procedure, 

communicating said at least in part encrypted first 
procedure to said electronic arrangement, 

decrypting at least a portion of said first procedure at least 
in part using said electronic arrangement, and 

validating said first procedure with said electronic 
arrangement. 

336. A method as in claim 319 wherein said delivering
step (b) includes delivering at least one of said first and second 
procedures within an administrative object. 

337. A method as in claim 319 wherein said delivering 
step (b) includes codelivering said second procedure in at least in 
part encrypted form with said data item. 

338. A method as in claim 319 wherein said performing 
step includes metering usage. 

339. A method as in claim 319 wherein said performing 
step includes auditing usage. 

340. A method as in claim 319 wherein said performing 
step includes budgeting usage. 

341. A method for securely managing at least one 
operation performed at least in part by a secure electronic 
appliance, comprising: 

(a) selecting an item that is protected with respect to at 
least one operation; 

(b) securely independently delivering plural separate 
procedures to said electronic appliance;

(c) using said plural separate procedures in combination to
at least in part securely manage said operation with respect to 
said selected item; and 

(d) conditioning successful completion of said operation on 
said delivering step (b) having occurred. 

342. A method for processing based on deliverables 
comprising: 

securely delivering a first piece of code defining a first part 
of a process; 

separately, securely delivering a second piece of code 
defining a second part of said process; 

ensuring the integrity of the first and second delivered 
pieces of code; and 

performing said process based at least in part on said first 
and second delivered code pieces. 

343. A method as in claim 340 wherein a first piece of code 
for said process at least in part controls decrypting content. 

344. A method as in claim 340 wherein said ensuring step 
includes validating said first and second pieces of code.

345. A method as in claim 340 wherein said ensuring step
includes validating said first and second pieces of code relative to 
one another. 

346. A method as in claim 340 wherein said performing 
step includes metering usage. 

347. A method as in claim 340 wherein said performing 
step includes auditing activities. 

348. A method as in claim 340 wherein said performing 
step includes budgeting usage. 

349. A method as in claim 340 wherein said performing 
step includes electronically processing content based on electronic 
controls. 

350. A method of securely controlling at least one 
protected operation with respect to a data item comprising: 

(a) supplying at least a first control from a first party; 

(b) supplying at least a second control from a second party 
different from said first party; 

(c) securely combining said first and second controls to 
form a set of controls;

(d) securely associating said control set with said data
item; and 

(e) securely controlling at least one protected operation 
with respect to said data item based on said control set. 

351. A method as in claim 348 wherein said data item is 
protected. 

352. A method as in claim 348 wherein at least one of said 
plural controls includes a control relating to metering at least one 
aspect of use of said protected data item. 

353. A method as in claim 348 wherein at least one of said 
plural controls include a control relating to budgeting at least one 
aspect of use of said protected data item. 

354. A secure method for combining data items into a 
composite data item comprising: 

(a) securely providing a first data item having at least a 
first control associated therewith; 

(b) securely providing a second data item having at least a 
second control associated therewith; 

(c) forming a composite of said first and second data items;

(d) securely combining said first and second controls into a
composite control set; and 

(e) performing at least one operation on said composite of 
said first and second data items based at least in part on said 
composite control set. 

355. A method as in claim 352 wherein said combining 
step includes preserving each of said first and second controls in 
said composite set. 

356. A method as in claim 352 wherein said performing 
step comprises governing the operation on said composite of said 
first and second data items in accordance with said first control 
and said second control.

357. A method as in claim 352 wherein said providing step 
includes ensuring the integrity of said association between said 
first controls and said first data item is maintained during at 
least one of transmission, storage and processing of said first 
data item. 

358. A method as in claim 352 wherein said providing step 
comprises delivering said first data item separately from said 
first control.

359. A method as in claim 352 wherein said providing step
comprises codelivering said first data item and said first control.

360. A secure method for controlling a protected operation 
comprising: 

(a) delivering at least a first control and a second control; and

(b) controlling at least one protected operation based at 
least in part on a combination of said first and second controls, 
including at least one of the following steps: 

resolving at least one conflict between said first and 
second controls based on a predefined order, 

providing an interaction with a user to form said 
combination; and 

dynamically negotiating between said first and second controls.

361. A method as in claim 358 wherein said controlling 
step (b) includes controlling decryption of electronic content. 

362. A method as in claim 358 further including:

receiving protected electronic content from a party; and

authenticating the identity of said party prior to using said
received protected electronic content.

363. A secure method comprising:

selecting protected data;

extracting said protected data from an object;

identifying at least one control to manage at least one
aspect of use of said extracted data;

placing said extracted data into a further object; and

associating said at least one control with said further object.

364. A method as in claim 361 further including limiting 
at least one aspect of use of said further object based on said at 
least one control. 

365. A secure method of modifying a protected object 
comprising: 

(a) providing a protected object; and 

(b) embedding at least one additional element into said 
protected object without unprotecting said object. 

366. A method as in claim 60 further including:

associating at least one control with said object; and

limiting usage of said element in accordance with said control.

367. A method as in claim 363 further including a
permissions record within said object. 

368. A method as in claim 364 further including at least in 
part encrypting said object. 

369. A method for managing at least one resource with a 
secure operating environment, said method comprising: 

securely receiving a first load module from a first entity 
external to said operating environment; 

securely receiving a second load module from a second 
entity external to said operating environment, said second entity 
being different from said first entity; 

securely processing, using at least one resource, a data 
item associated with said first and second load modules; and 

securely applying said first and second load modules to 
manage said resource for use with said data item. 

370. A method for negotiating electronic contracts, 
comprising: 

receiving a first control set from a remote site;

providing a second control set;

performing, within a protected processing environment, an
electronic negotiation between said first control set and said
second control set, including providing interaction between said
first and second control sets; and

producing a negotiated control set resulting from said
interaction between said first and second control sets.

WO 96/27155 PCT/US96/02303

371. A system for supporting electronic commerce 
including: 

means for creating a first secure control set at a first 
location; 

means for creating a second secure control set at a second 
location; 

means for securely communicating said first secure control 
set from said first location to said second location; and 

means at said second location for securely integrating said 
first and second control sets to produce at least a third control set 
comprising plural elements together comprising an electronic 
value chain extended agreement. 

372. A system for supporting electronic commerce 
including: 

means for creating a first secure control set at a first 
location; 

means for creating a second secure control set at a second 
location;

means for securely communicating said first secure control
set from said first location to said second location; and 

negotiation means at said second location for negotiating 
an electronic contract through secure execution of at least a 
portion of said first and second secure control sets. 

373. A system as in claim 370 further including means for 
controlling use by a user of protected information content based 
on at least a portion of said first and/or second control sets. 

374. A system as in claim 370 further including means for 
charging for at least a part of said content use. 

375. A secure component-based operating system 
including: 

component retrieving means for retrieving at least one 
component; 

record retrieving means for retrieving a record that 
specifies a component assembly; 

checking means, operatively coupled to said component 
retrieving means and said record retrieving means, for checking 
said component and/or said record for validity; 

using means, coupled to said checking means, for using 
said component to form said component assembly in accordance 
with said record; and

performing means, coupled to said using means, for
performing a process based at least in part on said component 
assembly. 

376. A secure component-based operating system 
including: 

a database manager that retrieves, from a secure database, 
at least one component and at least one record that specifies a 
component assembly; 

an authenticating manager that checks said component 
and/or said record for validity; 

a channel manager that uses said component to form said 
component assembly in accordance with said record; and 

an execution manager that performs a process based at 
least in part on said component assembly. 

377. A secure component operating system including:

means for receiving a component;

means for receiving directions specifying use of said 
component to form a component assembly; 

means, coupled to said receiving means, for authenticating 
said received component and/or said directions; 

means, coupled to said authenticating means, for forming, 
using said component, said component assembly based at least in 
part on said received directions; and

means, coupled to said forming means, for using said
component assembly to perform at least one operation. 

378. A secure component operating environment 
including: 

a storage device that stores a component and directions 
specifying use of said component to form a component assembly; 

an authenticating manager that authenticates said 
component and/or said directions; 

a channel manager that forms, using said component, said 
component assembly based at least in part on said directions; and 

a channel that executes said component assembly to 
perform at least one operation. 

379. A secure operating system environment comprising:

a storage device that stores code and directions specifying
assembly of said code into an executable program;

a validating device that checks said received code and/or
said assembly directions for validity; and

an event-driven channel that, in response to occurrence of 
an event, assembles said code in accordance with said assembly 
directions to form an assembly for execution. 

380. A secure operating environment system for managing 
at least one resource comprising:

a communications arrangement that securely receives a
first control from a first entity external to said operating 
environment, and securely receives a second control from a 
second entity external to said operating environment, said second 
entity being different from said first entity; and 

a protected processing environment, coupled to said 
communications arrangement, that: 

(a) securely processes, using at least one resource, a data 
item associated with said first and second controls, and 

(b) securely applies said first and second controls to 
manage said resource for use of said data item. 

381. A system for negotiating electronic contracts, 
comprising: 

a storage arrangement that stores a first control set 
received from a remote site, and stores a second control set; 

a protected processing environment, coupled to said 
storage arrangement, that: 

(a) performs an electronic negotiation between said 
first control set and said second control set, 

(b) provides interaction between said first and 
second control sets, and 

(c) produces a negotiated control set resulting from 
said interaction between said first and second control sets.

382. A system as in claim 379 further including means for
electronically enforcing said negotiated control set. 

383. A system as in claim 379 further including means for 
generating an electronic contract based on said negotiated control 
set. 

384. A method for supporting electronic commerce 
including: 

creating a first secure control set at a first location; 

creating a second secure control set; 

electronically negotiating, at said location different from 
said first location, an electronic contract, including the step of 
securely executing at least a portion of said first and second 
control sets. 

385. An electronic appliance comprising:

a processor; and

at least one memory device connected to said processor;

wherein said processor includes:

retrieving means for retrieving at least one component,
and at least one record that specifies a component assembly, from
said memory device,

checking means coupled to said retrieving means for
checking said component and/or said record for validity, and

using means coupled to said retrieving means for using
said component to form said component assembly in accordance 
with said record. 

386. An electronic appliance comprising:

at least one processor,

at least one memory device connected to said processor; and

at least one input/output connection operatively coupled to
said processor,

wherein said processor at least in part executes a rights 
operating system to provide a secure operating environment 
within said electronic appliance. 

387. An electronic appliance as in claim 384 wherein said 
processor includes means for providing a channel, said channel 
assembling independently deliverable components into a 
component assembly and executing said component assembly. 

388. An electronic appliance as in claim 384 further 
including a secondary storage device coupled to said processor, 
said secondary storage device storing a secure database, said 
processor including means for decrypting information obtained 
from said secure database and for encrypting information to be 
written to said secure database.

389. An electronic appliance as in claim 384 wherein said
processor and said memory device are disposed in a secure, 
tamper-resistance encapsulation. 

390. An electronic appliance as in claim 384 wherein said 
processor includes a hardware encryptor/decryptor. 

391. An electronic appliance as in claim 384 wherein said 
processor includes a real time clock. 

392. An electronic appliance as in claim 384 wherein said 
processor includes a random number generator. 

393. An electronic appliance as in claim 384 wherein said 
memory device stores audit information. 

394. A method for auditing the use of at least one resource 
with a secure operating environment, said method comprising: 

securely receiving a first control from a first entity external 
to said operating environment; 

securely receiving a second control from a second entity 
external to said operating environment, said second entity being 
different from said first entity; 

using at least one resource;

securely sending to said first entity in accordance with said
first control, first audit information concerning use of said 
resource; and 

securely sending to said second entity in accordance with 
said second control, second audit information concerning use of 
said resource, said second audit information being at least in part 
different from said first audit information. 

395. A method for auditing the use of at least one resource 
with a secure operating environment, said method comprising: 

securely receiving first and second control alternatives 
from an entity external to said operating environment; 

selecting one of said first and second control alternatives; 

using at least one resource; 

if said first control alternative is selected by said selecting 
step, securely sending to said entity in accordance with said first 
control alternative, first audit information concerning use of said 
resource; and 

if said second control alternative is selected by said 
selecting step, securely sending to said second entity in 
accordance with said second control alternative, second audit 
information concerning use of said resource, said second audit 
information being at least in part different from said first audit 
information.

396. A method and/or system for enabling a sale of
protected digital information that has been previously distributed 
to users, the method or system being characterized by a secure 
element that selectively controls access to the protected digital 
information based on electronic controls associated with the 
information. 

397. A distributed, secure electronic point of sale system or 
method characterized by a secure processing element for 
selectively releasing goods and/or services in exchange for 
compensation. 

398. In a distributed digital network, an advertising 
method characterized by the steps of tracking usage of digital 
information that has associated with it one or more controls with 
respect to access to and/or usage of said information; and 
targeting advertising messages based at least in part on said 
tracking. 

399. A distributed electronic advertising system 
characterized in that the system uses a distributed network of 
interoperable protected processing environments to at least in 
part deliver advertising to users.

400. A distributed, secure, virtual black box comprised of
nodes located at VDE content container creators, other content 
providers, client users, and recipients of secure VDE content 
usage information) site, the nodes of said virtual black box 
including a secure subsystem having at least one secure 
hardware element such as a semiconductor element or other 
hardware module for securely executing VDE control processes, 
said secure subsystems being distributed at nodes along a 
pathway of information storage, distribution, payment, usage, 
and/or auditing. 

401. A protected processing system or method providing 
multiple currencies and/or payment arrangements for the secure 
processing and releasing of protected digital information. 

402. A distributed secure method or system characterized 
in that a user's age is used as a criteria for electronically, 
securely releasing information and/or resources to the user. 

403. A method of renting an electronic appliance defining 
a secure processing environment. 

404. A virtual distribution environment providing any one 
or more of the following features and/or elements and/or 
combinations thereof:

a configurable protected, distributed event management
system; and/or 

a trusted, distributed transaction and storage management 
arrangement; and/or 

plural pathways for providing information, for control 
information, and/or for reporting; and/or 

multiple payment methods; and/or 

multiple currencies; and/or 

EDI; and/or 

Electronic banking; and/or 
electronic document management; and/or 
electronic secure communication; and/or 
e-mail; and/or 

distributed asynchronous reporting; and/or 

combination asynchronous and online management; and/or 

privacy control by users; and/or 

testing; and/or 

using age as a class; and/or 

appliance control (renting, etc.); and/or 

telecommunications infrastructure; and/or 

games management; and/or 

extraction of content from an electronic container; and/or 
embedding of content into an electronic container; and/or 
multiple certificate to allow for breach of a key; and/or 
virtual black box; and/or

independence of control information from content; and/or

multiple, separate, simultaneous control sets for one digital
information property; and/or

updating control information for already distributed digital
information; and/or

organization information management; and/or

coupled external and organization internal chain of
handling and control; and/or

a content usage consequence management system
(reporting, payment, etc., multiple directions); and/or

a content usage reporting system providing differing audit
information and/or reduction going to multiple parties holding
rights in content; and/or

an automated remote secure object creation system; and/or

infrastructure background analysis to identify improper
use; and/or

seniority of control information system; and/or

secure distribution and enforcement of rules and controls
separately from the content they apply to; and/or

redistribution management by controlling the rights and/or
number of copies and or pieces etc. that may be redistributed;
and/or

an electronic commerce taxation system; and/or 
an electronic shopping system; and/or 
an electronic catalog system; and/or

a system handling electronic banking, electronic shopping,
and electronic content usage management; and/or 

an electronic commerce multimedia system; and/or 

a distributed, secure, electronic point of sale system; and/or 

advertising; and/or 

electronics rights management; and/or 

a distributed electronic commerce system; and/or 

a distributed transaction system or environment; and/or 

a distributed event management system; and/or 

a distributed right systems. 

405. A Virtual Distribution Environment substantially as 
shown in Figure 1. 

406. An "Information Utility" substantially as shown in 
Figure 1A. 

407. A chain of handling and control substantially as 
shown in Figure 1. 

408. Persistent rules and control information substantially 
as shown in Figure 2A. 

409. A method of providing different control information 
substantially as shown in Figure 1.

410. Rules and/or control information substantially as
shown in Figure 4. 

411. An object substantially as shown in Figures 5A and 5B.

412. A Secure Processing Unit substantially as shown in 
Figure 6. 

413. An electronic appliance substantially as shown in 
Figure 7. 

414. An electronic appliance substantially as shown in 
Figure 8. 

415. A Secure Processing Unit substantially as shown in 
Figure 9. 

416. A "Rights Operating System" ("ROS") architecture 
substantially as shown in Figure 10. 

417. Functional relationship(s) between applications and 
the Rights Operating System substantially as shown in Figures 
11A-11C.

418. Components and component assemblies substantially
as shown in Figures 11D-11J. 

419. A Rights Operating System substantially as shown in 
FIGURE 12. 

420. A method of objection creation substantially as shown 
in Figure 12A. 

421. A "protected processing environment" software 
architecture substantially as shown in Figure 13. 

422. A method of supporting a channel substantially as 
shown in Figure 15. 

423. A channel header and channel detail record 
substantially as shown in Figure 15A.

424. A method of creating a channel substantially as 
shown in Figure 15B. 

425. A secure data base substantially as shown in Figure 16.

426. A logical object substantially as shown in Figure 17.

427. A stationary object substantially as shown in
FIGURE 18. 

428. A travelling object substantially as shown in FIGURE 19.

429. A content object substantially as shown in FIGURE 20.

430. An administrative object substantially as shown in 
Figure 21. 

431. A method core substantially as shown in Figure 22. 

432. A load module substantially as shown in FIGURE 23.

433. A User Data Element (UDE) and/or Method Data 
Element (MDE) substantially as shown in FIGURE 24. 

434. Map meters substantially as shown in FIGURES 
25A-25C. 

435. A permissions record (PERC) substantially as shown 
in FIGURE 26.

436. A permissions record (PERC) substantially as
shown in FIGURES 26A and 26B. 

437. A shipping table substantially as shown in FIGURE 27.

438. A receiving table substantially as shown in FIGURE 28.

439. An administrative event log substantially as shown 
in FIGURE 29. 

440. A method of interrelating and using an object 
registration table, a subject table and a user rights table 
substantially as shown in Figure 30. 

441. A method of using a site record table and a group 
record table to track portions of a secure database substantially 
as shown in FIGURE 34. 

442. A process for updating a secure database 
substantially as shown in FIGURE 35. 

443. A process of inserting new elements into a secure 
database substantially as shown in FIGURE 36.

444. A process of accessing elements in a secure database
substantially as shown in FIGURE 37. 

445. A process of protecting a secure database element 
substantially as shown in FIGURE 38. 

446. A process of backing up a secure database 
substantially as shown in FIGURE 39. 

447. A process of recovering a secure database 
substantially as shown in FIGURE 40. 

448. A process of enabling performing reciprocal methods 
to provide a chain of handling and control substantially as shown 
in FIGURES 41A-41D. 

449. A "reciprocal" BUDGET method substantially as
shown in FIGURES 42A-42D.

450. A reciprocal audit method substantially as shown in
FIGURES 44A-44C. 

451. A method for controlling release of content or other 
method substantially as shown in any of FIGURES 45-48.

452. An event method substantially as shown in
FIGURES 53A-53B. 

453. A billing method substantially as shown in FIGURE 53C.

454. An extract method substantially as shown in
FIGURE 57A.

455. An embed method substantially as shown in FIGURE 57A.

456. An obscure method substantially as shown in 
FIGURE 58A. 

457. A fingerprint method substantially as shown in 
FIGURE 58B. 

458. A fingerprint method substantially as shown in 
FIGURE 58C. 

459. A meter method substantially as shown in FIGURE 6.

460. A key "convolution" process substantially as shown in
FIGURE 62.

461. A process of generating different keys using a key 
convolution process to determine a "true" key substantially as 
shown in FIGURE 63. 

462. A process of initializing protected processing 
environment keys substantially as shown in FIGURES 64 and/or 
65. 

463. A process for decrypting information contained within 
stationary objects substantially as shown in FIGURE 66. 

464. A process for decrypting information contained within 
traveling objects substantially as shown in FIGURE 67. 

465. A process for initializing a protected processing 
environment substantially as shown in FIGURE 68. 

466. A process of downloading firmware into a protected 
processing environment substantially as shown in FIGURE 69. 



467. Multiple VDE electronic appliances connected together with 
a network or other communications means substantially as 
shown in FIGURE 70. 

468. A portable VDE electronic appliance substantially as
shown in FIGURE 71. 

469. "Pop-up" displays that may be generated by the user
notification and exception interface substantially as shown in 
Figures 72A-72D. 

470. A smart object substantially as shown in FIGURE 73. 

471. A method of processing smart objects substantially as 
shown in FIGURE 74. 

472. Electronic negotiation substantially as shown in any 
of FIGURES 75A-75D. 

473. An electronic agreement substantially as shown in 
FIGURES 75E-75F. 

474. Electronic negotiation processes substantially as 
shown in any of FIGURES 76A-76B.

475. A chain of handling and control substantially as
shown in FIGURE 77. 

476. A VDE "repository" substantially as shown in 
FIGURE 78. 

477. A process of using a chain of handling and control to 
evolve and transform VDE managed content and control 
information substantially as shown in any or all of FIGURES 
79-83. 

478. A chain of handling and control involving several 
categories of VDE participants substantially as shown in 
FIGURE 84. 

479. A chain of distribution and handling within an 
organization substantially as shown in FIGURE 85. 

480. A chain of handling and control substantially as 
shown in Figures 86 and/or 86A. 

481. A virtual silicon container model substantially as 
shown in Figure 87.

482. A method of business automation characterized by
the steps of (a) creating one or more secure containers including
encrypted accounting and/or other administrative information 
content, (b) associating control information with one or more of 
such one or more secure containers including a description of (i) 
the one or more parties whom may use one or more of the one or 
more containers, and (ii) the operations that will be performed for 
one or more parties with respect to such accounting and/or other 
administrative information, (c) electronically delivering one or 
more of such one or more containers such to one or more parties, 
and (d) enabling through the use of a protected processing 
environment the enforcement of at least a portion of such control 
information. 

483. A business automation system characterized by:

means for providing at least one secure container including
administrative information content having control information
associated therewith, and

a protected processing environment for enforcing, at least 
in part, the control information. 

484. A business automation system comprising (a) 
distributed, interoperable protected processing environment 
installations, (b) secure containers for distribution of digital
information, (c) control information supporting the automation of
chain of handling and control functions. 

485. A method of business automation characterized by 
the steps of providing interoperable protected processing 
environment nodes to plural parties, communicating first 
encrypted digital information from a first party to a second party, 
communicating second encrypted digital information including at 
least a portion of said first communicated digital information 
and/or information related to the use of said first digital 
information, to a third party different from said first or second 
parties, wherein use of said second encrypted digital information 
is regulated, at least in part, by an interoperable protected 
processing environment available to said third party. 

486. A business automation system characterized by: 
plural protected processing environment nodes, 

means for communicating digital information between the 
nodes, and 

wherein at least one of the nodes includes means for 
regulating the use of said communicated digital information. 

487. A method for chain of handling and control 
characterized by the steps of (a) a first party placing protected 
digital information into a first software container and stipulating 
rules and controls governing use of at least a portion of said 
digital information, (b) providing said software container to a 
second party, wherein said second party places said software 
container into a further software container and stipulates rules 
and controls for at least in part managing use of at least a portion 
of said digital information and/or said first software container by 
a third party. 

488. A chain of handling and control system characterized 
by: 

means for placing digital information into a first software 
container and for stipulating rules and/or controls governing use 
of at least a portion of said digital information, and 

means for placing said software container into a further 
software container and for stipulating further rules and/or 
controls for at least in part managing use of at least a portion of 
said digital information and/or said first software container. 

489. A system for chain of handling and control including 
(a) a first container containing at least in part protected digital 
information, (b) at least in part protected control information 
stipulated by a first party establishing conditions for use of at 
least a portion of said digital content, (c) a second container 
different from said first container, said second container 
containing said first container, (d) control information stipulated 
independently by a second party for at least in part setting 
conditions for managing use of the contents of said second 
container. 

490. A system for electronic advertising including: (a) 
means to provide digital information to users for their use, (b) 
means to provide advertising content to said users in 
combination with said digital information, (c) means to audit use 
of said digital information, (d) means to securely acquire usage 
information regarding use of advertising content, (e) means to 
securely report information based upon said advertising content 
usage information, (f) compensating at least one content provider 
at least in part based upon use of said advertising content. 

491. A method for electronic advertising characterized by 
the steps of (a) placing digital information into a container, (b) 
associating advertising information with at least a portion of said 
digital information, (c) securely providing said container to a 
container user, (d) monitoring user viewing of advertising 
information, and (d) receiving payment from an advertiser, 
wherein said payment is related to user viewing of said 
advertising information. 

492. A system for electronic advertising involving (a) 
means to containerize digital information including both content 
and advertising information, (b) means to monitor viewing of at 
least a portion of said advertising information, (c) means to 
charge for user viewing of at least a portion of said advertising 
information, (d) means to securely communicate information 
based upon said viewing in a secure container, and (e) control 
information related to said containerized digital information for 
managing the communication of said information based upon 
said viewing. 

493. A method for electronic advertising characterized by 
the steps of (a) containerizing digital information including both 
content and advertising information, (b) monitoring user viewing 
of at least a portion of said advertising information, (c) charging 
for user viewing of at least a portion of said advertising 
information, (d) securely communicating information based upon 
said viewing in a secure container, and (e) at least in part 
managing, through the use of control information related to said 
advertising information, the communication of information based 
upon said viewing. 

494. A method of clearing transaction information 
characterized by the steps of (a) securely distributing digital 
information to a first user of an interoperable protected 
processing environment, (b) securely distributing further digital 
information to a user of an interoperable protected processing 
environment different from said at first user (c) receiving 
information related to usage of said digital information, (d) 
receiving information related to usage of said further digital 
information, and (e) processing information received according to 
steps (c) and (d) to perform at least one of (I) an administrative, 
or (II) an analysis, function. 

495. A system for clearing transaction information 
including (a) a first container containing at least in part 
protected digital information and associated control information, 
(b) a second secure container containing further at least in part 
protected digital information and associated control information, 
(c) means to distribute said first and second containers to users, 
(d) communication means for communicating information at least 
in part derived from user usage of said first container digital 
information, (e) communication means for communicating 
information at least in part derived from user usage of said 
second container digital information, (f) processing means at a 
clearinghouse site for receiving the information communicated 
through steps (d) and (e), wherein said processing means perform 
administrative and/or analysis processing of at least a portion of 
said communicated information. 

496. A method for clearinghouse analysis characterized by 
the steps of: (a) enabling plural independent clearinghouses for 
administrating and/or analyzing usage of distributed, at least in 
part protected, digital information, (b) providing interoperable 
protected processing environments to plural, independent users, 
and (c) enabling a user to select a clearinghouse for use with an 
interoperable protected processing environment. 

497. A system for clearinghouse analysis including (a) 
plural independent clearinghouses for administrating and/or 
analyzing usage of distributed, at least in part protected, digital 
information, (b) at least one interoperable protected processing 
environments at each of plural user locations, (c) selecting means 
for enabling a user to select one of said plural independent 
clearinghouse to perform payment and/or analysis functions 
related to the use of at least a portion of said at least in part 
protected, digital information. 

498. A method of electronic advertising characterized by 
the steps of 

creating one or more electronic advertisements, creating 
one or more secure containers including at least a portion of such 
advertisements, 

associating control information with such advertisements 
including control information describing at least one of: (a) 
reporting at least some advertisement usage information to one 
or more content providers, advertisers and/or agents, (b) 
providing one or more credits to a user based on such user's 
viewing and/or other usage of such advertisements, (c) reporting 
advertisement usage information to one or more market analysts, 
(d) providing a user with ordering information for and/or means 
for ordering one or more products and/or services, and/or (e) 
providing one or more credits to a content provider based on one 
or more users' viewing and/or other usage of such 
advertisements, 

providing such containers and such control information to 
one or more users, 

enabling such users to use such containers at least in part 
in accordance with such control information. 

499. A system for electronic advertising including (a) 
means to provide digital information to users for their use, (b) 
means to provide advertising content to said users in 
combination with said digital information, (c) means to audit use 
of said digital information, (d) means to acquire usage 
information regarding use of advertising content, (e) means to 
securely report information based upon said advertising content 
usage information, and (f) compensating at least one content 
provider at least in part based upon use of such advertising 
content. 

500. A system for chain of handling and control including 
(a) a first container containing at least in part protected digital 
information, (b) at least in part protected control information 
stipulated by a first party establishing condition for use of at 
least a portion of said digital content, (c) a second container 
different from said first container, said second container 
containing said first container, and (d) control information 
stipulated independently by a second party for at least in part 
setting conditions for managing use of the contents of said second 
container. 

501. A method of operating a clearinghouse characterized 
by the steps of receiving usage information related at least in 
part to use of secure containers from plural parties, determining 
payments due to one or more parties based at least in part on 
such usage information, performing and/or causing to be 
performed transactions resulting in payments to such parties 
based at least in part on such determinations. 

502. An electronic clearinghouse comprising: 

means for receiving usage information related at least in 
part to use of secure containers from plural parties, 

means for determining payments due to one or more 
parties based at least in part on such usage information, 

means for performing and/or causing to be performed 
transactions resulting in payments to such parties based at least 
in part on such determinations. 

503. A method of operating a clearinghouse characterized 
by the steps of receiving usage information related at least in 
part to use of secure containers from plural parties, determining 
reports of usage for one or more parties based at least in part on 
such usage information, creating and/or causing to be created 
reports of usage based at least in part on such determination, 
delivering at least one of such reports to at least one of such 
parties. 

504. A method of operating a clearinghouse characterized 
by the steps of receiving permissions and/or other control 
information from one or more content providers including 
information that enables delivery of at least one right in at least 
one secure container to other parties, receiving requests from 
plural parties for one or more rights in one or more secure 
containers, delivering permissions and/or other control 
information to such parties based at least in part on such 
requests. 

505. A method of operating a clearinghouse characterized 
by the steps of receiving information from one or more parties 
establishing a party's identity information, creating one or more 
electronic representations of at least a portion of such identity 
information for use in enabling and/or withholding at least one 
right in at least one secure container, performing an operation to 
certify such electronic representations, delivering such electronic 
representations to such party. 

506. A method of operating a clearinghouse characterized 
by the steps of receiving a request for credit from a party for use 
with secure containers, determining an amount of credit based at 
least in part on such request, creating control information related 
to such an amount, delivering such control information to such 
user, receiving usage information related to use of such credit, 
performing and/or causing to be performed at least one 
transaction associated with collecting payment from such user. 

507. A method for contributing secure control information 
with respect to an electronic value chain wherein control 
information is contributed by a party not directly participating in 
said value chain, comprising steps of: aggregating said 
contributed control information with control information 
associated with digital information stipulated by one or more 
parties in an electronic value chain, said aggregate control 
information at least in part managing conditions related to the 
use of at least a portion of said digital information. 

508. A method for entering the payment of taxes 
associated with commercial events wherein secure control 
information for automatically governing tax payments for said 
commercial events is contributed by a party comprising steps of: 
aggregating said secure control information with control 
information that has been contributed by a separate party and 
controlling at least one condition for use of digital information. 

509. A method for general purpose reusable electronic 
commerce arrangement characterized by the steps of: 

(a) providing component structures, modular methods that 
can be configured together to comprise event controlled 

(b) providing integrateable protected processing 
environments to plural independent users; 

(c) employing secure communications means for 
communicating digital control information between integrateable 
protected processing environments; and 

(d) enabling database managers operably connected to 
said processing environments for storing at least a portion of said 
provided component modular methods. 

510. A system for general purpose, reusable electronic 
commerce including: 

(a) component modular methods configured together to 
comprise event control structures; 

(b) at least one interoperable processing environment at 
each of plural independent user locations; 

(c) secure communications means for communicating 
digital control information between interoperable protected 
processing environments; and 

(d) secured database managers operably connected to said 
protected processing environments for storing at least a portion 
of said component modular methods. 

511. A general purpose electronic commerce credit system 
including: 

(a) a secure interoperable protected processing 
environment; 

(b) general purpose credit control information for 
providing credit for user usage of at least in part protected digital 
information; and 

(c) at least in part protected digital information related 
control information for providing necessary information for 
employing credit through the use, at least in part, of said general 
purpose credit control information. 

512. A method for enabling a general purpose electronic 
commerce credit system including: 

(a) providing secure interoperable protected processing 
environments; 

(b) supplying general purpose credit control information 
for providing credit for user usage of at least in part protected 
digital information; and 

(c) providing, at least in part, protected digital information 
related control information for providing necessary information 
for employing credit through the use, at least in part, of said 
general purpose credit control information. 

513. A document management system comprising one or 
more electronic appliances containing one or more SPUs and one 
or more secure databases operatively connected to at least one of 
the SPUs. 

514. An electronic contract system comprising one or more 
electronic appliances containing one or more SPUs and one or 
more secure databases operatively connected to at least one of 
the SPUs. 

515. An electronic appliance containing at least one SPU 
and at least one secure database operatively connected to at least 
one of the SPU(s). 

516. An electronic appliance containing one or more CPUs 
where at least one of the CPUs is integrated with at least one 
SPU. 

517. An electronic appliance containing one or more video 
controllers where at least one of the video controllers is 
integrated with at least one SPU. 

518. An electronic appliance containing one or more 
network communications means where at least one of the 
network communications means is integrated with at least one 
SPU. 

519. An electronic appliance containing one or more 
modems where at least one of the modems is integrated with at 
least one SPU. 

520. An electronic appliance containing one or more CD-ROM 
devices where at least one of the CD-ROM devices is 
integrated with at least one SPU. 

521. An electronic appliance containing one or more set-top 
controllers where at least one of the set-top controllers is 
integrated with at least one SPU. 

522. An electronic appliance containing one or more game 
systems where at least one of the game systems is integrated 
with at least one SPU. 

523. An integrated circuit supporting multiple encryption 
algorithms comprising at least one microprocessor, memory, 
input/output means, at least one circuit for encrypting and/or 
decrypting information and one or more software programs for 
use with at least one of the microprocessors to perform encryption 
and/or decryption functions. 

524. An integrated circuit comprising at least one 
microprocessor, memory, at least one real time clock, at least one 
random number generator, at least one circuit for encrypting 
and/or decrypting information and independently delivered 
and/or independently deliverable certified software. 

525. An integrated circuit comprising at least one 
microprocessor, memory, input/output means, a tamper resistant 
barrier and at least a portion of a Rights Operating System. 

526. An integrated circuit comprising at least one 
microprocessor, memory, input/output means, at least one real 
time clock, a tamper resistant barrier and means for recording 
interruption of power to at least one of the real time clocks. 






WO 96/27155 



PCT/US96/02303 









[FIG. 2: VDE CONTENT CREATOR; VDE RIGHTS DISTRIBUTOR; VDE CONTENT USER; BILLS; FINANCIAL CLEARINGHOUSE AND VDE ADMINISTRATOR] 



[FIG. 2A: CONTENT CREATOR 102; CONTENT USER] 



[FIG. 3: REQUEST; BUDGET; SUPPLY CONTENT TO USER] 



[FIG. 5A] 



[FIG. 6: SECURE PROCESSING ENVIRONMENT 503; TAMPER RESISTANT BARRIER] 



[FIG. 8: ELECTRONIC APPLIANCE 600 ("VDE NODE"): CPU 654; RAM 656; ROM 658; SPU 500(N); POWER SUPPLY; SECONDARY STORAGE; APPLICATION PROGRAMS 608 (VDE AWARE 608a, NON-VDE AWARE 608b); KEYBOARD/DISPLAY; I/O CONTROLLER; COMMUNICATIONS CONTROLLER; NETWORK; VDE OBJECTS 300; OTHER INFORMATION 673; SECURE DATABASE 610; RIGHTS OPERATING SYSTEM ("ROS") 602; VDE FUNCTIONS 604; OTHER OPERATING SYSTEM FUNCTIONS 606] 



[FIG. 14A: SPU ROM/EEPROM/FLASH: LOW LEVEL SERVICES; TIME BASE MANAGER; ENCRYPTION/DECRYPTION MANAGER 556 (PK, BULK); INITIALIZATION; POST; DOWNLOAD; CHALLENGE/RESPONSE AND AUTHENTICATION; KEY AND TAG MANAGER; RECOVERY; EEPROM/FLASH MEMORY MANAGER; KEY LOCATOR; KEY GENERATOR; CONVOLUTION ALGORITHM; TASK MANAGER 576 (SLEEP/AWAKE/CONTEXT SWAP); SUMMARY SERVICES MANAGER 560 (EVENT SUMMARIES, BUDGET SUMMARIES, DISTRIBUTER SUMMARY SERVICES); INTERRUPT HANDLER 584 (TIMER/BIU/POWER FAIL/WATCHDOG TIMER/ENCRYPTION COMPLETED); BIU HANDLER 586; MEMORY MANAGER; CHANNEL SERVICES MANAGER 562 (CHANNEL HEADERS, CHANNEL DETAILS); LOAD MODULE EXECUTION SERVICES; VIRTUAL MEMORY MANAGER 580 (SWAP BLOCK PAGING, EXTERNAL MODULE PAGING, MEMORY COMPRESS); AUTHENTICATION MANAGER/SECURE COMMUNICATION MANAGER; DATABASE MANAGER; TRANSACTION AND SEQUENCE NUMBER SUPPORT; SRN/HASH; RPC AND TABLES; DTD INTERPRETER 590; LIBRARY ROUTINES; MESSAGING CODE/SERVICES; SEND/RECEIVE; STATUS; RPC SERVICE TABLE; METHODS; METER, BILLING, BUDGET, AUDIT, READ OBJECT, WRITE OBJECT, OPEN OBJECT AND CLOSE OBJECT LOAD MODULE(S)] 



[FIG. 14B: NON-VOLATILE MEMORY 534b: PUBLIC KEY AND PRIVATE KEY, SYSTEM ID, AUTHENTICATION CERTIFICATE, VDE SYSTEM PUBLIC KEY, PRIVATE DES KEY; TOP LEVEL BUDGET INFO; METER SUMMATION VALUES; KEY RECORDS FOR BUDGET RECORDS, AUDIT RECORDS, STATIC MANAGEMENT RECORDS, UPDATED MANAGEMENT RECORDS, ETC.; DEVICE DATA TABLE; SITE ID; TIME; ALARMS; TRANSACTION/SEQUENCE #S; MISCELLANEOUS; MEMORY MAP; MAP METERS; LM/UDT TABLE; TASK MANAGER 576; CHANNEL(S); SUMMARY SERVICES; SECURE DATABASE TAGS; SRN ENTRIES; HASH ENTRIES] 



[FIG. 14C: SPU RAM: STACK; CHANNEL SWAP BLOCK (CHANNEL LM; CHANNEL HEADER & D1); CONTROL SWAP BLOCK (CONTROL LM; CONTROL D1; COMMIT LM; COMMIT D1, D2, D3); EVENT SWAP BLOCK (EVENT LM; MAP TABLE (SINGLE) D1); METER SWAP BLOCK (METER LM; METER UDE DELTA, DELTA'; METER TRAIL LM; METER TRAIL UDE DELTA, DELTA'); BUDGET SWAP BLOCK (METER LM; METER UDE DELTA, DELTA; METER TRAIL LM; METER TRAIL UDE DELTA, DELTA); BILLING SWAP BLOCK (BILLING LM; METER UDE; BUDGET UDE; BILLING TABLE UDE; BILLING TRAIL LM; BILLING TRAIL UDE DELTA)] 



[FIG. 15A: CHANNEL HEADER 596: CHANNEL ID; USER ID; OBJECT ID; RIGHT ID/REF.; EVENT QUEUE; EVENT CODE 1/PTR TO CDR(1); EVENT CODE 2/PTR TO CDR(2); EVENT CODE N/PTR TO CDR(N); JUMP/REFERENCE TABLE. CHANNEL DETAIL RECORD (1) 594(1): CONTROL METHOD LOAD MODULE REF.; URT REF; REF TO OTHER DATA STRUCTURE(S). CHANNEL DETAIL RECORD (2) 594(2): LM(1) REF., LM(2) REF. ... LM(N) REF., each with REF. TO DATA STRUCTURE(S)] 



[FIG. 15B: flowchart, "open channel" (object, user, right): ALLOCATE "AVAILABLE" CHANNEL; WRITE TO CHANNEL HEADER; OBTAIN CONTROL METHOD; "BIND" CONTROL METHOD TO CHANNEL; PASS "INIT" EVENT TO CHANNEL; ACCESS COMPONENTS; "BIND" COMPONENTS TO CHANNEL BY CONSTRUCTING CHANNEL DETAIL RECORD(S) FOR EACH EVENT WITHIN "RIGHT"] 



[Figure: DYNAMIC CORE; DYNAMIC MDE 1202b; DYNAMIC UDE 1200b; STATIC MDEs 1202a] 



[FIG. 17: LOGICAL OBJECT: PUBLIC HEADER; PRIVATE HEADER; PRIVATE BODY (METHODS 1000); PERMISSIONS RECORDS; DATA BLOCK; DATA BLOCK; DATA BLOCK] 



[FIG. 18: STATIONARY OBJECT 850: PUBLIC HEADER 802; PRIVATE HEADER 804 with COPY OF IDENTIFICATION ELEMENTS FROM PUBLIC HEADER; PRIVATE BODY (OBJECT LOCAL METHODS, LOAD MODULES, AND UDEs) 806; CONTENT: DATA BLOCK 1 ... DATA BLOCK n. Key labels: CLEAR; PRIVATE HEADER KEY (1 OF MANY); PRIVATE BODY KEY (IN PERC); CONTENTS KEY 1 (IN PERC); CONTENTS KEY n (IN PERC)] 



[FIG. 19: TRAVELING OBJECT 860: PUBLIC HEADER 802; PRIVATE HEADER 804 with COPY OF IDENTIFICATION ELEMENTS FROM PUBLIC HEADER; KEY BLOCKS 810; PRIVATE BODY (OBJECT METHODS, LOAD MODULES, AND UDEs) 806; CONTENT: DATA BLOCK 1 ... DATA BLOCK n. Key labels: CLEAR; PRIVATE HEADER KEY (1 OF MANY); PRIVATE BODY KEY (IN PERC); CONTENTS KEY 1 (IN PERC); CONTENTS KEY n (IN PERC)] 



[FIG. 20: CONTENT OBJECT 880: PUBLIC HEADER 802; PRIVATE HEADER 804 with COPY OF IDENTIFICATION ELEMENTS FROM PUBLIC HEADER; PRIVATE BODY (OBJECT LOCAL METHODS, LOAD MODULES, AND UDEs) 806; CONTENT: DATA BLOCK 1; CONTAINER; ADMINISTRATIVE OBJECT; EMBEDDED CONTENT OBJECT; DATA BLOCK n. Key labels: CLEAR; PRIVATE HEADER KEY (1 OF MANY); PRIVATE BODY KEY (IN PERC); CONTENTS KEY 1 (IN PERC); CONTENTS KEY n (IN PERC)] 



[FIG. 21: ADMINISTRATIVE OBJECT 870: PUBLIC HEADER 802; PRIVATE HEADER 804 with COPY OF IDENTIFICATION ELEMENTS FROM PUBLIC HEADER; PERC; PRIVATE BODY (OBJECT LOCAL METHODS, LOAD MODULES, AND UDEs) 806; CONTENT 812: ADMINISTRATIVE INFORMATION 872a ... 872n, listing EVENT 1, EVENT 2 ... EVENT N, each with PARAMETERS and DATA. Key labels: CLEAR; PRIVATE HEADER KEY (1 OF MANY); PRIVATE BODY KEY (IN PERC); CONTENTS KEY (IN PERC)] 



[FIG. 22: METHOD "CORE": PUBLIC HEADER 802; PRIVATE HEADER 804 with COPY OF IDENTIFICATION ELEMENTS FROM PUBLIC HEADER; METHOD EVENT TABLE (EVENT 1 ... EVENT N, with PERC/LM REF. and DATA REF entries); METHOD LOCAL DATA AREA (MDEs, UDEs, DTDs OR PORTIONS THEREOF, OR REFERENCES THERETO). Key labels: CLEAR TEXT; SITE SPECIFIC METHOD KEY] 



[FIG. 23: LOAD MODULE 1100: PUBLIC HEADER 802; PRIVATE HEADER 804 with COPY OF IDENTIFICATION ELEMENTS FROM PUBLIC HEADER; ENCRYPTED EXECUTABLE BODY 1106; DTD 1 1108(a) ... DTD n 1108(n). Key labels: CLEAR; SITE SPECIFIC LM KEY] 



[FIG. 24: UDE (MDE) 1200, 1202: PUBLIC HEADER 802; PRIVATE HEADER 804 with COPY OF IDENTIFICATION ELEMENTS FROM PUBLIC HEADER; DATA AREA 1206 (MAY REFERENCE ONE OR MORE DTDs). Key labels: CLEAR; SITE SPECIFIC UDE KEY] 



[FIG. 25A: USAGE BIT MAP; ELEMENT REPRESENTING PAST USAGE OF ONE ATOMIC ELEMENT OF OBJECT] 

[FIG. 25B: RECORDING NUMBER; TIME (JAN., FEB., MAR., APRIL, MAY, JUNE)] 



[FIG. 25C: USAGE PAID FOR 5 MONTHS AGO; USAGE PAID FOR 4 MONTHS AGO; USAGE PAID FOR 3 MONTHS AGO; USAGE PAID FOR 2 MONTHS AGO; USAGE PAID FOR IN PRIOR MONTH; USAGE PAID FOR IN CURRENT MONTH; BILLING METHOD] 



[FIG. 26: PERMISSIONS RECORD: PERC HEADER; PRIVATE BODY KEYS; RIGHTS RECORD HEADER 1 908a with RIGHT KEYS 912a; CONTROL SET HEADER 1 916(a)(1) with CONTROL METHOD; REQUIRED METHOD HEADER 1 and REQUIRED METHOD HEADER 2, each with METHOD OPTION entries; CONTROL SET HEADER 2 with CONTROL METHOD 918(a)(2), REQUIRED METHOD HEADERS and METHOD OPTION entries; RIGHTS RECORD HEADER 2 908b with RIGHT KEYS 912b, CONTROL SET HEADER 1 916(b)(1) and CONTROL METHOD] 



[FIG. 26A: PERC: HEADER: SITE RECORD NUMBER; LENGTH OF PRIVATE BODY KEY BLOCK; LENGTH OF THIS RECORD; EXPIRATION DATE/TIME FOR THIS RECORD; LAST MODIFICATION DATE/TIME; ORIGINAL DISTRIBUTOR ID; LAST DISTRIBUTOR ID; OBJECT ID; CLASS OR TYPE OF PERMISSIONS RECORD/INSTANCE ID FOR RECORD CLASS; NUMBER OF RIGHTS RECORDS; VALIDATION TAG FOR THE RECORD; KEY BLOCKS FOR THE PRIVATE BODY (e.g., METHODS) IN OBJECT. CONTROL SET RECORD 0 - COMMON TO ALL RIGHTS: LENGTH OF THIS RECORD; NUMBER OF REQUIRED METHOD RECORDS; ACCESS TAG TO CONTROL MODIFICATION OF THIS RECORD. REQUIRED METHOD RECORD 1: LENGTH OF THIS RECORD; ACCESS TAG TO CONTROL MODIFICATION OF THIS RECORD; NUMBER OF METHOD OPTION RECORDS. METHOD OPTION RECORD 1: LENGTH OF THIS RECORD; LENGTH OF DATA AREA; METHOD ID (TYPE/OWNER/CLASS/INSTANCE); CORRELATION TAG FOR CORRELATION WITH REQUIRED METHOD; DATA AREA; CHECK VALUE. METHOD OPTION RECORD 2; CHECK VALUE; RIGHTS RECORD 1; RIGHTS RECORD 2; CHECK VALUE] 



[FIG. 26B, PERC RIGHTS RECORD. Field labels as extracted:
HEADER: LENGTH OF KEY BLOCK; LENGTH OF THIS RECORD; EXPIRATION DATE/TIME FOR THIS RECORD; RIGHT ID; NUMBER OF CONTROL SETS FOR THIS RIGHT; ACCESS TAG TO CONTROL MODIFICATION OF THIS RECORD.
CONTROL SET FOR RIGHT; KEY BLOCK FOR USE WITH THIS RIGHT; CONTROL SET 1; CONTROL SET 2; CHECK VALUE.]



[FIG. 27, SHIPPING TABLE. Field labels as extracted:
HEADER: SITE RECORD NUMBER; USER (GROUP) ID; REF. TO "FIRST" COMPLETED OUTGOING SHIPPING RECORD; REF. TO "LAST" COMPLETED OUTGOING SHIPPING RECORD; REF. TO "FIRST" SCHEDULED OUTGOING SHIPPING RECORD; VALIDATION TAG FOR "FIRST" OUTGOING SHIPPING RECORD(S); REF. TO "LAST" SCHEDULED OUTGOING SHIPPING RECORD; VALIDATION TAG FROM NAME SERVICES RECORD; CHECK VALUE.
SHIPPING RECORD 445(1): SITE RECORD NUMBER; FIRST DATE/TIME FOR SCHEDULED SHIPMENT; LAST DATE/TIME FOR SCHEDULED SHIPMENT; ACTUAL DATE/TIME OF COMPLETED SHIPMENT; OBJECT ID OF ADMINISTRATIVE OBJECT (TO BE) SHIPPED; REF. TO ENTRY IN ADMINISTRATIVE EVENT LOG; REF. TO NAME SERVICES RECORD NAMING RECIPIENT; PURPOSE OF SHIPMENT; STATUS OF SHIPMENT; REF. TO "PREVIOUS" OUTGOING SHIPPING RECORD; REF. TO "NEXT" OUTGOING SHIPPING RECORD; VALIDATION TAG FROM HEADER; VALIDATION TAG TO ADMINISTRATIVE EVENT LOG; VALIDATION TAG TO NAME SERVICES RECORD; VALIDATION TAG FROM PREVIOUS RECORD; VALIDATION TAG TO NEXT RECORD; CHECK VALUE.
SHIPPING RECORD N.]



[FIG. 28, RECEIVING TABLE. Field labels as extracted:
HEADER 446A: SITE RECORD NUMBER; USER (GROUP) ID; REF. TO "FIRST" COMPLETED INCOMING RECEIVING RECORD; REF. TO "LAST" COMPLETED INCOMING RECEIVING RECORD; REF. TO "FIRST" SCHEDULED INCOMING RECEIVING RECORD; REF. TO "LAST" SCHEDULED INCOMING RECEIVING RECORD; VALIDATION TAG FROM NAME SERVICES RECORD; VALIDATION TAG FOR "FIRST" INCOMING RECEIVING RECORD(S); CHECK VALUE.
RECEIVING RECORD 447(1): SITE RECORD NUMBER; FIRST DATE/TIME FOR SCHEDULED RECEPTION; LAST DATE/TIME FOR SCHEDULED RECEPTION; ACTUAL DATE/TIME OF COMPLETED RECEPTION; OBJECT ID OF ADMINISTRATIVE OBJECT (TO BE) RECEIVED; REF. TO ENTRY IN ADMINISTRATIVE EVENT LOG; REF. TO NAME SERVICES RECORD NAMING SENDER; PURPOSE OF RECEPTION; STATUS OF RECEPTION; REF. TO "PREVIOUS" INCOMING RECEIVING RECORD; REF. TO "NEXT" INCOMING RECEIVING RECORD; VALIDATION TAGS; CHECK VALUE.
RECEIVING RECORD N.]



[FIG. 29, ADMINISTRATIVE EVENT LOG. Labels as extracted: HEADER 443A; ADMIN. EVENT LOG RECORD; SUBRECORD; ADMINISTRATIVE EVENT LOG RECORD 1; ADMINISTRATIVE EVENT LOG RECORD 2; SITE RECORD NUMBER; RECORD LENGTH; ID OF ADMINISTRATIVE OBJECT; NUMBER OF EVENTS; VALIDATION TAG FROM SHIPPING OR RECEIVING TABLE; CHECK VALUE; SUBRECORD LENGTH; DATA AREA LENGTH; EVENT ID; RECORD TYPE; RECORD ID; DATA AREA; CHECK VALUE; SUBRECORD N; ADMINISTRATIVE EVENT LOG RECORD N.]



[FIG. 31, OBJECT REGISTRATION TABLE. Field labels as extracted: SITE RECORD NUMBER; OBJECT TYPE; CREATOR ID; OBJECT ID; POINTER INTO SUBJECT TABLE 462; ATTRIBUTE(S); MINIMUM REGISTRATION INTERVAL; TAG TO SUBJECT TABLE RECORD; CHECK VALUE. Other labels: TO OBJECT; TO SUBJECT TABLE RECORD(S).]



[FIG. 32, SUBJECT TABLE. Field labels as extracted:
"HEADER" 468: SITE RECORD NUMBER; CREATOR ID; ORIGINAL DISTRIBUTOR ID; LAST DISTRIBUTOR ID; OBJECT ID; REF. TO "FIRST" SUBJECT RECORD 470; TAG FROM OBJECT REGISTRATION TABLE RECORD; TAG TO "FIRST" SUBJECT RECORD; CHECK VALUE.
SUBJECT RECORD 470(1): SITE RECORD NUMBER; USER (USER GROUP) ID; USER (USER GROUP) ATTRIBUTES; REF. INTO USER RIGHTS TABLE; REF. TO "NEXT" SUBJECT RECORD; TAG FROM HEADER; TAG TO USER RIGHTS TABLE RECORD; TAG TO "NEXT" SUBJECT RECORD; CHECK VALUE.
Other label: TO URT RECORD(S).]



[FIG. 33, USER RIGHTS TABLE. Field labels as extracted:
URT HEADER: SITE RECORD NUMBER; NUMBER OF RIGHTS RECORDS; REF. TO "FIRST" RIGHT RECORD; TAG FROM SUBJECT TABLE; TAG TO RIGHTS RECORD; CHECK VALUE.
RIGHTS RECORD HEADER: SITE RECORD NUMBER FOR THIS RIGHTS RECORD; RIGHT ID; POINTER TO "NEXT" RIGHTS RECORD; POINTER TO "FIRST" SET OF USER CHOICE RECORDS; TAG FROM URT HEADER; TAG TO "FIRST" SET OF USER CHOICE RECORDS; CHECK VALUE.
SET OF USER CHOICE RECORDS: SITE RECORD NUMBER FOR THIS USER CHOICE RECORD; USER (USER GROUP) ID; ATTRIBUTES; REF. TO "NEXT" SET OF USER CHOICE RECORDS; NUMBER OF USER CHOICES; TAG FROM RIGHTS RECORD HEADER; USER CHOICE RECORD 1; USER CHOICE RECORD 2; CHECK VALUE.
Other label: FROM SUBJECT TABLE.]



[FIG. 34. Labels: GROUP RECORD TABLE; AUDIT 1; AUDIT 2; BUDGET 1; BUDGET 2; BILLING 2.]



[FIG. 34A, SITE RECORD. Field labels as extracted: TYPE OF RECORD; OWNER OR CREATOR OF RECORD; CLASS; INSTANCE; TYPE SPECIFIC DESCRIPTOR (e.g., OBJECT ID) ASSOCIATED WITH RECORD; TABLE IN WHICH THE RECORD IS LOCATED; POINTER - OFFSET, WITHIN THE TABLE, TO WHERE THE RECORD BEGINS; RECORD LENGTH; VALIDATION TAG FOR RECORD; CHECK VALUE.]



[FIG. 34B, GROUP RECORD. Field labels as extracted: SITE RECORD NUMBER; NUMBER OF REFERENCE SUBRECORDS; VALIDATION TAG FOR GROUP OF RECORDS; REFERENCE SUBRECORD 1: REF. (SITE RECORD NUMBER 1) FOR 1ST RECORD IN GROUP; VALIDATION TAG FOR RECORD; REFERENCE SUBRECORD 2: REF. (SITE RECORD NUMBER 2) FOR (illegible) RECORD IN GROUP; VALIDATION TAG FOR RECORD; CHECKSUM (CRC).]



[FIG. 35. Flowchart box labels as extracted: APPLIANCE CALLS CLEARINGHOUSE; APPLIANCE AND CLEARINGHOUSE AUTHENTICATE ONE ANOTHER AND AGREE ON A MESSAGE KEY; DOES APPLIANCE HAVE AUDIT INFO TO SEND? (branch label NO); APPLIANCE SENDS ADMINISTRATIVE OBJECT(S) CONTAINING AUDIT INFO; CLEARINGHOUSE SENDS RESPONSIVE ADMIN. OBJECT(S); APPLIANCE UPDATES SECURE DATABASE BASED ON OBJECTS RECEIVED; APPLIANCE SENDS ADMINISTRATIVE OBJECT(S) REQUESTING BUDGETS AND/OR PERMISSIONS; CLEARINGHOUSE SENDS RESPONSIVE ADMINISTRATIVE OBJECT(S); APPLIANCE UPDATES SECURE DATABASE BASED ON OBJECTS RECEIVED.]








[FIG. 38. Flowchart box labels as extracted: STORE ITEM IN SECURE DATABASE; GENERATE NEW KEY; ENCRYPT RECORD WITH NEW KEY; decision (text not recoverable) with YES and NO branches; READ AND DECRYPT OTHER RECORD(S) FROM SECURE DATABASE USING OLD KEY(S); RE-ENCRYPT SAID OTHER RECORD(S) USING NEW KEY; DISCARD OLD KEY(S); SAVE NEW KEY; STORE ENCRYPTED RECORD(S) IN SECURE DATABASE; END.]



[FIG. 39, BACKUP. Flowchart box labels as extracted: BACKUP; GENERATE BACKUP KEY(S); READ AND DECRYPT ITEM; ENCRYPT ITEM WITH BACKUP KEY(S); WRITE ENCRYPTED ITEM TO BACKUP STORE; ENCRYPT SUMMARY SERVICES AUDIT INFO. WITH BACKUP KEY(S), WRITE TO BACKUP STORE; ENCRYPT BACKUP KEY(S) AND OTHER ID INFO. WITH PUBLIC KEY, WRITE TO BACKUP STORE; ENCRYPT BACKUP KEY(S) WITH ADMIN. KEY, WRITE TO BACKUP STORE; DONE.]



[FIG. 40, RECOVER SECURE DATABASE. Flowchart box labels as extracted: START; ESTABLISH SECURE COMMUNICATIONS; EXTRACT "WORK IN PROGRESS" AND SUMMARY VALUES; REQUEST CURRENT BACKUP FROM SPU; RESET SUMMARY VALUES AND COUNTERS CONSISTENT WITH LAST BACKUP; RESTORE SECURE DB FROM BACKUP; COMPUTE BILLS BASED ON RECOVERED VALUES; PERFORM OTHER ACTIONS TO RECOVER FROM SPU DOWNTIME.]



[Figure 41a. Labels: VDE Node (two nodes); METH; Request-1; Response-1; Event and optional information.]



[Figure 41b. Labels: VDE Node (two nodes); METH; Request-1; Response-1; Request-4; Response-4; Event and optional information.]



[Figure 41c. Labels: VDE node (three nodes); Request-1; Response-1; Request-2; Response-2; Request-3; Response-3; Request-4; Response-4; optional information.]



[Figure 41d. Labels: VDE node labels (one reading "Content use VDE node", one partly illegible); Use; Request; Response; Reply; Distribute; Request Budget; Grant Budget; Budget.]



[Figure 42a, BUDGET Method Use Process Flow. Box labels as extracted: Prime BUDGET Audit Trail; Obtain DTD for BUDGET; Obtain BUDGET; BUDGET Method Succeeded (branch label Yes); Commit BUDGET Failure Audit Record; Update BUDGET using AE and count; Save BUDGET Use Audit Record; BUDGET Method Failed. Data labels: BUDGET Audit Trail UDE; BUDGET UDE.]



[Figure 42b, BUDGET Method Administrative Request Process Flow. Box labels as extracted: Start BUDGET Method (Administrative Request) Process; Some time later; Prime communications audit trail; Write BUDGET Administrative Request into Administrative Object; Save communications audit trail; Prime BUDGET Administrative Audit Trail; Queue Request for Administrative Processing of BUDGET; Save BUDGET Administrative Audit Trail; End BUDGET Method Administration Request Process. Data labels: BUDGET Administrative Audit Trail; BUDGET Administrative Request; Communications audit trail; BUDGET UDE, BUDGET Audit Trail UDE(s), and BUDGET Administrative Request Record(s).]



[Figure 42c, BUDGET Method Administrative Response Process Flow. Box labels as extracted: Prime BUDGET Communications and Response Audit Trail; Unpack Admin. Object and retrieve BUDGET request(s), audit trail(s) and record(s); Retrieve request and determine the response method to run to process the request; Send event(s) contained in Request record(s) to the Response Method and generate Response records and Response request; Write BUDGET Administrative Response records into Administrative Object; Save communications and response processing audit trail; End BUDGET Method Administration Response Process. Data labels: Communications and Response Audit Trail; BUDGET Administrative Request, Budget records, and audit information; Administrative Request; BUDGET Request and Response records; BUDGET UDE and BUDGET Administrative Response Records; Communications and response processing audit trail.]



[Figure 42d, BUDGET Method Administrative Reply Process Flow. Box labels as extracted: Start BUDGET Method Administrative Reply Process; Prime BUDGET Administrative and Communications Audit Trail; Extract Response Records and Requests from Administrative Object and write Reply records to the secure database; Save BUDGET Administrative and Communications Audit Trail; Some time later; Prime audit trail (if required); Retrieve Reply record and determine method required to process it; Send event(s) contained in Reply record(s) to the Reply method and generate / update database records; Delete Reply record(s) from database; End BUDGET Method Administration Reply Process. Data labels: BUDGET Administrative and Communications Audit Trail; Audit Trail UDE; BUDGET records; BUDGET Reply Record(s); BUDGET Reply Records and Requests; BUDGET Reply records.]



[Figure 43a, REGISTER Method Use Process Flow. Box labels as extracted: Start Register Method; Extract REGISTER record set from PERC or REGISTER MDE; User selects registration options from method options in PERC; Validate user selected registration options; All selections valid?; REGISTER Method completed; Queue REGISTER request record; REGISTER Method Suspended; Display; Write URT containing user selections to database; Write REGISTER Audit Record; REGISTER Method Completed. Data labels: REGISTER Trail UDE; PERC and/or REGISTER MDE (catalog); REGISTER Request Record; URT.]



[Figure 43b, REGISTER Method Administrative Request Process Flow. Box labels as extracted: Method Administrative Request Process (start); communications audit trail; Determine site configuration as permitted by privacy filter; Write REGISTER Administrative Request into Administrative Object; Save communications audit trail; End REGISTER Method Administration Request Process. Data labels: Communications audit trail; Stored data; REGISTER Administrative Request Record(s).]



[Figure 43c, REGISTER Method Administrative Response Process Flow. Box labels as extracted: Start REGISTER Method Administrative Response Process; Prime REGISTER Communications and Response Audit Trail; Unpack Admin. Object and retrieve REGISTER request(s); Retrieve request and determine the response method to run to process the request; Write failure response record to database (branch label No); Send event(s) contained in Request record(s) to the Response Method and generate Response records and Response request; Write REGISTER Administrative Response records into Administrative Object; Save communications and response processing audit trail; End REGISTER Method Administration Response Process. Data labels: Communications and Response Audit Trail; REGISTER Administrative Requests and configuration information; Administrative Request; REGISTER Request and Response records (response records, PERC, UDE(s)); PERC, UDE(s), Methods and REGISTER Administrative Response Records; Communications and response processing audit trail.]



[Figure 43d, REGISTER Method Administrative Reply Process Flow. Box labels as extracted: Start REGISTER Method Administrative Reply Process; Prime REGISTER Administrative and Communications Audit Trail; Extract Response Records and Requests from Administrative Object and write Reply records to the secure database; Save REGISTER Administrative and Communications Audit Trail; Some time later; Prime Audit Trail (if required); Retrieve Reply record and determine method required to process it; Send event(s) contained in Reply record(s) to the Reply method and generate / update database records; Delete Reply record(s) from database; Write Audit Trail (if required); End REGISTER Method Administration Reply Process. Data labels: REGISTER Reply Records and Requests; REGISTER Administrative and Communications Audit Trail; Audit trail records; REGISTER Reply records; REGISTER secure database records (Methods, Load Modules, MDE, UDE); REGISTER Reply Record(s).]



[Figure 44a, AUDIT Method Administrative Request Process Flow. Box labels as extracted: Start AUDIT Method Administrative Request Process; Prime AUDIT Administrative Audit Trail; Queue Request for Administrative Processing of AUDIT; Save AUDIT Administrative Audit Trail; Some time later; Write AUDIT Administrative Request(s) into Administrative Object; Save communications audit trail; End AUDIT Method Administration Request Process. Data labels: AUDIT Administrative Audit Trail; AUDIT Administrative Request; Communications audit trail; Specific UDE, Audit Trail UDE(s), and Administrative Request Record(s).]



[Figure 44b, AUDIT Method Administrative Response Process Flow. Box labels as extracted: Start AUDIT Method Administrative Response Process; Prime AUDIT Communications and Response Audit Trail; Unpack Admin. Object and retrieve AUDIT request(s), audit trail(s) and record(s); Retrieve request and determine the response method to run to process the request; Send event(s) contained in Request record(s) to the Response Method and generate Response records and Response request; Write AUDIT Administrative Response records into Administrative Object; Save communications and response processing audit trail; End AUDIT Method Administration Response Process. Data labels: Communications and Response Audit Trail; AUDIT Administrative Request Budget records, and audit (label cut off); Administrative Request; AUDIT Request and Response records; AUDIT UDE(s) and Administrative Response Records; Communications and response processing audit trail.]



[Figure 44c, AUDIT Method Administrative Reply Process Flow. Box labels as extracted: Start AUDIT Method Administrative Reply Process; Prime AUDIT Administrative and Communications Audit Trail; Extract Response Records and Requests from Administrative Object and write Reply records to the secure database; Save AUDIT Administrative and Communications Audit Trail; Some time later; Retrieve Reply record and determine method required to process it; Send event(s) contained in Reply record(s) to the Reply method and generate / update database records; Delete Reply record(s) from database; End AUDIT Method Administration Reply Process. Data labels: AUDIT Administrative and Communications Audit Trail; AUDIT Reply Records and Requests; AUDIT Reply records; secure database records; AUDIT Reply Record(s).]






[FIG. 46. Labels: SYSTEM EVENT OCCURS; CONTROL SET FROM PERC; CONTROL METHOD; METER UDE; METER TRAIL UDE; BILLING TRAIL; BUDGET UDE, METER UDE, BILLING UDE; BUDGET UDE; BUDGET TRAIL UDE.]






[Figure 49, OPEN Method Use Process Flow. Labels as extracted: Start of OPEN Method Process; CONTROL Method; Create Read Channel and establish read / use controls; End of OPEN Method Process; BUDGET Method; BILLING Method; EVENT Method; METER Method. Flow labels: OPEN Event; Atomic Element and Count; Billing Amount; Read Channel.]



[Figure 49a. Labels as extracted: OPEN Method Elements (Method core, LM, UDE, MDE); Audit UDE; Determine identification of object and user to be (label cut off); OPEN Event, Object ID, User ID; Create channel and bind OPEN control elements to it; OPEN Event, Object ID, User ID, Channel ID; Prime Audit (if required); Call the REGISTER Method for the Object. Restart the OPEN Method once the registration is complete (branch label No); Start Secure Database Transaction; CONTROL Method.]



[Figure 49b. Labels as extracted: Prime EVENT Audit Trail (if required); Map OPEN Event to Atomic Element # and event count using Map MDE; Event, Event Count, Atomic Element #, Object ID, User ID; Write EVENT Audit Trail (if required); Atomic Element #, Event Count; branch labels Yes, Pass and No, Fail EVENT Method; Roll back secure database transaction; OPEN Method Failed; EVENT Method; CONTROL Method (cont'd). Data labels: EVENT Method Audit Trail UDE; EVENT Method Map MDE.]




[Figure 49c. Labels as extracted: Add EVENT Count to Meter value; Write METER Audit Trail (if required); METER Value; branch label No, Fail METER; Roll back secure database transaction; OPEN Method Failed; METER Method; CONTROL Method (cont'd). Data labels: METER Method UDE (the Meter); METER Method Audit Trail UDE.]



[Figure 49d. Labels as extracted: Prime BILLING Audit Trail (if required); Map Atomic Element #, Count, and Meter Value to Billing Amount using Map MDE; Write BILLING Audit Trail (if required); Billing Amount; branch labels Yes, Pass and No, Fail BILLING Method; Roll back secure database transaction; OPEN Method Failed; BILLING Method; CONTROL Method (cont'd). Data labels: BILLING Method Audit Trail UDE; BILLING Method Map MDE (Price list).]




[Figure 49e. Labels as extracted: Add Billing Amount to Budget value; branch label No; Roll back secure database transaction; OPEN Method Failed; CONTROL Method (cont'd). Data label: BUDGET Method UDE (the Budget).]



[Figure 49f. Labels as extracted: Write OPEN Audit Trail (if required); Establish channel for READ Event Processing; Channel ID; Commit secure database transaction; Tear down channel for open processing (optional); OPEN Method Process Completed; Roll back secure database transaction; OPEN Method Failed; CONTROL Method (cont'd). Data labels: Audit UDE; URT, PERC for (object, user).]



[Figure 50, READ Method Use Process Flow. Labels as extracted: Start of READ Method Process; READ Event; Atomic Element and Count; Meter Value; CONTROL Method; Decrypt fingerprint and obscure content; Decrypted Content; End of READ Method Process; BUDGET Method; BILLING Method; EVENT Method; METER Method.]



[Figure 50a. Labels as extracted: READ Event; Determine identification of object and user ID for read; READ Event, Object ID, User ID; Start Secure Database Transaction; CONTROL Method.]



[Figure 50b. Labels as extracted: Prime EVENT Audit Trail (if required); Map READ Event to Atomic Element # and event count using Map MDE; Event, Event Count, Atomic Element #, Object ID; Write EVENT Audit Trail (if required); Atomic Element #, Event Count; EVENT Method; CONTROL Method (cont'd). Data labels: EVENT Method Audit Trail UDE; EVENT Method Map MDE.]




[Figure 50c. Labels as extracted: Prime METER Audit Trail (if required); Add EVENT Count to Meter value; Write METER Audit Trail (if required); METER Value; branch label No, Fail METER; Roll back secure database transaction; READ Method Failed; METER Method; CONTROL Method (cont'd). Data labels: METER Method Audit Trail UDE; METER Method UDE (the Meter).]




[Figure 50d. Labels as extracted: Prime BILLING Audit Trail (if required); Map Atomic Element #, Count and Meter Value to Billing Amount using Map MDE; Write BILLING Audit Trail (if required); Billing Amount; branch label No, Fail BILLING Method; Roll back secure database transaction; READ Method Failed; BILLING Method; CONTROL Method (cont'd). Data labels: BILLING Method Audit Trail UDE; BILLING Method Map MDE (Price list).]



[Figure 50e. Labels as extracted: Prime BUDGET Audit Trail (if required); Add Billing Amount to Budget value; Write BUDGET Audit Trail (if required); Roll back secure database transaction; READ Method Failed; BUDGET Method; CONTROL Method (cont'd). Data labels: BUDGET Method Audit Trail UDE; BUDGET Method UDE (the Budget).]




1794 



Write OPEN Audit 
Trail (if required) 



Determine key to 
use to decrypt 
content 



R7B2 



Obtain 
encrypted 
content using 
ACCESS 
Method 



Decrypt content 
using DECRYPT 



-[[652 



Figure 50f 



.Qtsb 




Audit UDE 



PERCfor 
(object, user) 



CONTROL Method (cont'd) 




1774 



Commit secure 
database transaction 



1778 



READ Method Proces 
wompieieo 



5 



90/146 



[Figure 51: WRITE Method Use Process Flow. Flowchart; legible labels: Start of WRITE Method Process; WRITE Event; Atomic Element and Count; Meter Value; Budget value; CONTROL Method; Encrypt content and update event; Encrypted Content; WRITE Method Process; BILLING Method; EVENT Method; METER Method.]



[Figure 51a: Flowchart; legible labels: Start of WRITE Method; WRITE Event; a partly illegible step concerning the object and user ID; Start Secure Database Transaction.]



[Figure 51c: CONTROL Method (cont'd). Flowchart; legible labels: Prime METER Audit Trail (if required); Add EVENT Count to Meter value; Write METER Audit Trail (if required); METER Method Audit Trail UDE; METER Method UDE (the Meter); METER Method.]



[Figure 51d: CONTROL Method (cont'd). Flowchart; legible labels: Prime BILLING Audit Trail (if required); BILLING Method Audit Trail UDE; Map Atomic Element #, Count and Meter Value to Billing Amount using Map MDE; BILLING Method Map MDE (Price list); Write BILLING Audit Trail (if required); Billing Amount; BILLING Method; Roll back secure database transaction; WRITE Method Failed.]



[Figure 51e: CONTROL Method (cont'd). Flowchart; legible labels: Prime BUDGET Audit Trail (if required); BUDGET Method Audit Trail UDE; Add Billing Amount to Budget value; BUDGET Method UDE (the Budget); Write BUDGET Audit Trail (if required); BUDGET Method; returns OK?; Roll back secure database transaction; WRITE Method Failed.]



[Figure 51f: CONTROL Method (cont'd). Flowchart; legible labels: Write WRITE Audit Trail (if required); Determine key to use to encrypt content; Encrypt content using ENCRYPT method; Write content to object using ACCESS method; Update container TOC and related information; Audit UDE; PERC for (object, user); Commit secure database transaction; WRITE Method Process Completed.]



[Figure 52: CLOSE Method Process Flow. Flowchart; legible labels: Prime Audit trail (if required); Destroy channel and release resources; Write Audit Trail (if required); Audit UDE; End CLOSE Method Process.]



[Figure 53a: EVENT Method Process Flows. Flowchart; legible labels: EVENT Method Start; Prime EVENT Audit Trail (if required); Load MAP MDE DTD; Map Event to Atomic Element # and event count using Map MDE; Write EVENT Audit Trail (if required); EVENT Method Audit Trail UDE; EVENT Method Map DTD; EVENT Method Map MDE; Atomic Element #, Event Count.]



[Figure 53b: Sample EVENT Method Mapping Process. Flowchart; legible labels: Start of MAP Process; Look up event in MDE; Compare event range to AE translation table and determine AE # and optional count; Calculate AE count from event range; End of EVENT Map Process.]



[Figure 53c: BILLING Method Process Flows. Flowchart; legible labels: BILLING Method Start; Prime BILLING Audit Trail (if required); Load MAP MDE DTD; Map meter value to billing amount using Map MDE (and possibly database elements); Billing Amount; BILLING Method Audit Trail UDE; BILLING Method Map DTD; BILLING Method Map MDE (and optionally others); Write BILLING Audit Trail (if required).]



[Figure 54: ACCESS Method Process Flow. Flowchart; legible labels: ACCESS Audit Trail (if required); Load ACCESS Method MDE DTD; Load encrypted content source and routing information; Location of Content; ACCESS Method Audit Trail UDE; ACCESS Method DTD; ACCESS Method MDE; Open connection to the content service; ACCESS Method Failed; Write ACCESS Audit Trail (if required); End of ACCESS Method.]



[Figure 55a: DECRYPT Method Process Flow. Flowchart; legible labels: Start DECRYPT; Select key number from key block; Load key from PERC; Convolute key (if required); Decrypt block; Decrypted block; End of DECRYPT Method; PERC.]



[Figure 55b: ENCRYPT Method Process Flow. Flowchart; legible labels: Start ENCRYPT Method; Block to Encrypt; Determine key to use from key block; Load key from PERC or Add key to PERC; Convolute key (if required); Encrypt block; encrypted block; End of ENCRYPT; PERC.]



[Figure 56: CONTENT Method Process Flow. Flowchart; legible labels: Start CONTENT Method; Securely read information from container (according to synopsis algorithm) and produce synopsis; Read content information from object; Release content description; Object container; End of CONTENT Method.]



[Figure 57a: EXTRACT Method Process Flow. Flowchart; legible labels: Start EXTRACT Method Process; Prime Audit; Audit UDE; Call BUDGET method to check extract budget for original object; Write Failure Audit record; End of EXTRACT Method; Create copy of extracted object with specified controls (this is a call to a method that controls the copy).]



[Figure 57b: EMBED Method Process Flow. Flowchart; legible labels: Start EMBED Method; Audit UDE; Call BUDGET method to check embed budget for destination object; EMBED Method; Write object into destination container, abstracting controls (calling a method to abstract or change the controls); User specifies new or changed controls and calls a method to create a new PERC that reflects these controls.]



[Figure 58a: OBSCURE Method Process Flow. Flowchart; legible labels: Start OBSCURE Method; Call EVENT Method to determine if content is in range to be obscured; Apply transform; End of OBSCURE Method.]



[Figure 58b: FINGERPRINT Method Process Flow. Flowchart; legible labels: Start FINGERPRINT Method; Call EVENT Method to determine if content is in range to be fingerprinted; Apply transform.]



[Figure 59: DESTROY Method Process Flow. Flowchart; legible labels: Start of DESTROY Method; Prime Audit; Call ACCESS Method to write garbage at head of object; Mark URT or other control structures as damaged; Write Audit; End of DESTROY Method; Audit UDE; URT or other control structures.]



[Figure 60: PANIC Method Process Flow. Flowchart; legible labels: Start of PANIC Method; Prime Audit; Call CLOSE Method to close the channel; Write Audit; Audit UDE; URT, PERC(s); End of PANIC Method.]



[Figure 61: METER Method Use Process Flow. Flowchart; legible labels: Start METER Method Use Process; Atomic Element, Event; Prime METER Audit Trail; Obtain DTD for METER; Obtain METER; Update METER using Atomic Element and count; Save METER Use Audit Record; METER Method Succeeded; METER Audit Trail UDE; DTD for METER UDE; METER UDE; Commit METER Failure Audit Record; METER Method Failed.]



[FIG. 62: KEY CONVOLUTION PROCESS. Block diagram; legible labels: SITE ID; RTC 528 HIGH BITS; SECRET KEY CONVOLUTION SEED VALUE; DES (IN, KEY, OUT); CURRENT CONVOLUTION KEY; CONTENT KEY FROM PERC; DES (IN, KEY, OUT); ACTUAL CONTENT.]



[FIG. 64: SPU KEY INITIALIZATION/INSTALLATION. Block diagram; legible labels: LM CERT. PUB KEY(S); DOWNLOAD PUB KEY(S); MFG SITE CERT PUB KEY; MFG SITE CERT PRIV KEY; SITE ID AND CHARACTERISTICS; PPE EXTENSION TO GEN SITE CERT DURING MFG (OPTIONAL); MFG CERT. GEN (PKSIGN); SITE PUB KEY; SITE PRIV KEY; SITE ID CERT; SITE DB KEYS; SITE PRNG SEED; VDE CERTIF. DB; SECURE NON-VOLATILE KEY STORAGE.]



[FIG. 65: KEY INSTALLATION & UPDATE. Block diagram; legible labels: PRIV HDR KEYS; VDE CERTIF DB; SITE PUB KEY FROM SITE CERT; EXT. COMM KEYS; PPE 650; ADMIN OBJ KEYS; OTHER SHARED KEYS; PK ENCRYPT; SITE PRIV KEY; PK DECRYPT; SECURE NON-VOLATILE KEY STORAGE.]



[FIG. 66: STATIONARY OBJECT DECRYPTION. Block diagram; legible labels: PPE 650; SECURE NON-VOLATILE KEY STORAGE; PRIV HDR KEY; SECURE DB KEY; ADMIN OBJECT (CONTROLS); DECRYPT; PERC; STATIONARY CONTENT OBJECT; ENCRYPT; PRIVATE BODY KEY FROM PERC; SECURE DATABASE; CONTENT.]



[FIG. 67: TRAVELING OBJECT DECRYPTION. Block diagram; legible labels: PPE 650; TRAVELING OBJECT; PRIVATE HEADER KEY; SECURE FILE/DATABASE KEY; DECRYPT; PERC; ENCRYPTED CONTENT; ENCRYPT; PRIVATE BODY KEY FROM PERC; CONTENT; SECURE DB.]



[FIG. 68: SPU INITIALIZATION. Flowchart; legible labels: START; RESET SPU; ESTABLISH SECURE COMMUNICATIONS; UPDATE SPU INTERNAL BOOTSTRAP; DOWNLOAD FIRMWARE INTO SPU; DOWNLOAD UNIQUE DEVICE ID INTO SPU; DOWNLOAD/INIT. KEYS, TAGS AND CERTIFICATES; INITIALIZE SPU REAL TIME CLOCK; INITIALIZE SUMMARY VALUES; INITIALIZE SECURE DATABASE.]



[FIG. 69: SPU FIRMWARE DOWNLOAD. Flowchart; legible labels: CALCULATE DIGITAL SIGNATURE; NO; FAIL; NO (STORE IN SECURE DB); TAG FIRMWARE; STORE IN SPU NON-VOLATILE MEMORY; ENCRYPT AND STORE IN SECURE DB.]



[FIG. 70: Block diagram of repeated units indexed (1), (2), (3) and (N); legible labels: CPU; CONTROLLER; ROM; RAM; BUS; SPU; INTERFACE/CTRL; CONN.; DISPLAY MECHANISM; PRINT MECHANISM.]






[FIG. 72A: LOG IN USER INTERFACE. Dialog; legible labels: USER NAME; PASSWORD; SHEAR, V.; LOGIN; CANCEL; LOGIN AT STARTUP; HELP.]

[FIG. 72B: Dialog; legible labels: YOU HAVE REQUESTED THESE PROPERTIES; LOONEY TUNES NEWS!; APPROVE; CANCEL; SUSPEND; PROPERTY INFO; Your Cost $7.60; MORE OPTIONS.]



[FIG. 72C: Dialog; legible labels: SET LIMITS; SESSION DOLLAR LIMIT: $; TRANSACTION DOLLAR LIMIT: $; TIME LIMIT (IN MINUTES); UNIT LIMIT; OK; CANCEL; HELP.]






[FIG. 73: Nested container diagram; legible labels: PUBLIC HEADER; PRIVATE HEADER; PRIVATE BODY; RULES FOR CONTAINER (several containers, including 300, 300x, 300y and 300w); RULES FOR RIGHTS NEGOTIATION; CONTENT OBJECT; SOFTWARE AGENT; RULES FOR AGENT EXECUTION; RULES FOR INFORMATION SEARCH; INFORMATION (ROUTING) LOCATIONS AND RELATED DATA; RULES FOR INFORMATION RETRIEVED; INFORMATION RETRIEVED; ADMIN. OBJECT; AUDIT HISTORY OF AGENT EXECUTION; RULES FOR AUDIT RETURNED.]



[FIG. 74: Diagram; legible labels: VDE SITE WITH AGENT EXECUTION SERVICE AND SOFTWARE DESCRIPTION LIST DATABASE (two sites); VDE SITE WITH INFORMATION LOCATOR SERVICE; SMART OBJECT SEND TO SECOND VDE SITE AFTER FAILURE ON FIRST VDE SITE; SMART OBJECT SENT TO VDE SITE DESIRED SERVICES; SMART OBJECT WITH DESIRED INFORMATION RETURNS TO SENDER; SMART OBJECT SENT TO DETERMINE LOCATION OF DATABASE TO USE; USER VDE SITE.]



[FIG. 75A: PERC structure diagram; legible labels: PERC HEADER; CSO; PRIVATE BODY KEYS; USE RIGHT HDR; CSR; KEYS; CONTROL SET (USE W/O INFO. PASSBACK); CONTROL METHOD (VENDING); REQUIRED METHOD, BUDGET; METHOD OPTION: VISA; METHOD OPTION: MASTERCARD; METHOD OPTION: AMEX; REQUIRED METHOD, BILLING ($100 FIXED, ONE TIME); DESIRED CONTROL SET (USE WITH INFO. PASSBACK); CONTROL METHOD (VENDING WITH "RESPONSE CARD"); REQUIRED METHOD, AUDIT (COLLECTION PERSONAL INFORMATION); REQUIRED FIELDS; DESIRED FIELDS; REQUIRED METHOD, BILLING ($25 FIXED, ONE TIME).]



[FIG. 75B: PERC structure diagram; legible labels: PERC HEADER; CSO; PRIVATE BODY KEYS; USE RIGHT HDR; CSR; KEYS; DESIRED METHOD, BUDGET; METHOD OPTION: VISA; DESIRED UDE: MYVISABUDGET; REQUIRED METHOD, BILLING (<$150 FIXED, ONE TIME); DESIRED CONTROL SET (USE WITH INFO. PASSBACK); CONTROL METHOD (VENDING WITH "RESPONSE CARD"); REQUIRED METHOD, AUDIT (COLLECTION PERSONAL INFORMATION); PERMITTED FIELDS; REQUIRED METHOD, BILLING (amount illegible, FIXED, ONE TIME); PERMITTED CONTROL SET (USE W/O INFO PASSBACK); CONTROL METHOD (VENDING).]



[FIG. 75C: PERC structure diagram; legible labels: PERC HEADER; CSO; PRIVATE BODY KEYS; NEGOTIATE RIGHT HDR; CSR; KEYS; PERMITTED CONTROL SET (TRUSTED NEGOTIATOR); CONTROL METHOD (NEGOTIATE); REQUIRED UDE: PERC1; REQUIRED UDE: PERC2; PERMITTED CONTROL SET (MULTIPLE NEGOT. PROCESSES); CONTROL METHOD (NEGOTIATE); REQUIRED METHOD: NEGOTIATE1, REQUIRED UDE: PERC1; REQUIRED METHOD: NEGOTIATE2, REQUIRED UDE: PERC2.]



[FIG. 75D: URT structure diagram; legible labels: URT HEADER; USE RIGHT HDR; CSO; DIGITAL SIGNATURE; CSR; CONTROL SET (USE WITH INFO. PASSBACK); CONTROL METHOD (VENDING WITH "RESPONSE CARD"); REQUIRED METHOD, BUDGET; METHOD OPTION: VISA; DESIRED UDE: MYVISABUDGET; REQUIRED METHOD, AUDIT (COLLECTION PERSONAL INFORMATION); PERMITTED FIELDS; REQUIRED METHOD, BILLING ($25, FIXED, ONE TIME).]



[FIG. 75E and FIG. 75F (one sheet): legible labels: ELECTRONIC CONTRACT; CLAUSE 1; CLAUSE 2; CLAUSE N; DIGITAL SIGNATURE (two instances); STEP 1; STEP 2.]



[FIG. 76A: Diagram; legible labels: PERC 1; PERC; RULES SET 1; RULES SET N; SHARED NEGOTIATION PROCESS; ELECTRONIC CONTRACT 1; ELECTRONIC CONTRACT 2; PERC/URT 1; PERC/URT N; NEGOTIATION PROCESS RULES AND CONTROLS.]



[FIG. 76B: Diagram; legible labels: ELECTRONIC CONTRACT 1; ELECTRONIC CONTRACT 2; PERC/URT 1; PERC/URT.]



[FIG. 77: Diagram; legible labels: VDE CONTENT CREATOR; VDE RIGHT/DISTRIBUTOR; CLIENT ADMINISTRATOR; VDE USER (several, through VDE USER N); FINANCIAL CLEARINGHOUSE; VDE ADMINISTRATOR. Rotated side labels are illegible in the scan.]



[FIG. 79: Distribution chain diagram; legible labels: CREATOR A, B, C, D, E; DISTRIBUTOR A, B, C; USER/DISTRIBUTOR A, B, C; CLIENT ADMINISTRATOR; USER A, B, C, D, E.]



[FIG. 80: Distribution chain diagram; legible labels: CREATOR A; DISTRIBUTOR A; USER A; USER B; USER/DISTRIBUTOR A; USER/DISTRIBUTOR B. Each node carries a nested control notation whose subscripts are illegible in the scan.]



[FIG. 83: Distribution chain diagram; legible labels: CREATOR B, C, D, E; DISTRIBUTOR B, C; CLIENT ADMINISTRATOR; USER/DISTRIBUTOR C; USER B, C, D, E. Each node carries a nested control notation whose subscripts are illegible in the scan.]



[FIG. 85: Diagram of rights and budgets; legible labels: DISPLAY; EDIT; EXTRACT; DISTRIBUTE; PRINT; BUDGET (legible amounts include $22,000, $8,000, $2,000, $3,000 and $10,000); CLIENT ADMINISTRATOR; PLANNING ADMINISTRATOR; RESEARCH & DEVELOPMENT ADMINISTRATOR.]






